- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 25 May 2007 15:09:08 +0200
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Anne van Kesteren <annevk@opera.com>, "WAF WG (public)" <public-appformats@w3.org>
On 2007-05-21 16:27:20 -0700, Jonas Sicking wrote:

> I agree that you could make the server go through all the public
> files on the filesystem and modify them to add excludes as
> appropriate, or filter each request on the fly. However that
> system is significantly more complicated and I doubt that anyone
> would have that ready to go once the problem hits. It also does
> not allow the content author to override a server set AC header.

All I can say is that I'm not convinced.

My main objective is to keep the language's expressivity as it would appear to a policy author (or human reader) in line with the expressivity that it will really have. A broad "deny" statement in the language that doesn't really have any effect because the policy is only evaluated in certain conditions is something else, and lends itself to scope creep of the language.

I wonder if anybody else here wants to chime in on this.

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Friday, 25 May 2007 13:09:20 UTC