- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 03 Nov 2007 23:09:38 -0700
- To: Frederick Hirsch <frederick.hirsch@nokia.com>, "WAF WG (public)" <public-appformats@w3.org>
Frederick Hirsch wrote: > > I have some questions and suggestions regarding Working Draft 1 > "Enabling Read Access for Web Resources" [1], as follows: > > Questions > 1. Should it be possible to use an HTTP HEAD method to obtain HTTP > access control headers without needing to obtain the entire > representation. This might be more efficient in some cases. This could > address a potential security risk associated with retrieving an entire > resource when its use may not be allowed. The problem is that the resource might contain <?access-control?> PIs which deny access to the resource. The implementation won't be able to check these without retrieving the entire resource of course. > 2. Has the WG considered having the server process XML document access > control PI directives and then providing that information as HTTP > headers, avoiding the need for client processing of the XML document? > Could this be a simplification for clients and allow use of HTTP HEAD > consistently? This would require server support thus making adoption significantly harder. As things are now you can simply put a XML file on any existing server and it things will just work. > 3. Why is use of an XML Processor required to process the Processing > Instructions in the prolog? Couldn't simple text processing also be used? It would have to process the data according to the XML specification. Wouldn't that make it an XML processor? / Jonas
Received on Sunday, 4 November 2007 06:09:43 UTC