- From: Eliot Lear <lear@cisco.com>
- Date: Wed, 19 Feb 2014 07:33:12 +0100
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

I support the high level idea that we should produce something along the lines of this draft. There are a few high level issues that should be addressed:

1. There needs to be a companion document discovery of this proxy. The discovery mechanism itself must have some notion of trust built in.

2. The consent model needs to be more granular – on all sides. As a user, I don't want anyone fiddling with my banking bits, but I may want protection from some social network site that has previously had problems with content. A policy statement from the content developer can already be done, but it can also easily be stripped. We sort of now know how to get around that over time, through a bit of state management. That doesn't mean that Big Enterprise Administrator has to let me get through to all sites if I refuse to agree to his proxy requirements, but perhaps Bank of Eliot gets to say, “Ok, but don't talk to me now, and wait til you're outside that proxy.”

3. There should be clarity as to what the proxy is doing.

4. Finally, the user can't be nagged on every network access. I think point [2] covers some of this, but there needs to be a classing / federation approach.

In summary, this is a good effort, and the work should continue.

Eliot

Received on Wednesday, 19 February 2014 06:33:40 UTC