Fwd: ISSUE-16 (ArtB): AC: Add some rationale to the Introduction [Access Control]

Stuart - FYI, Anne added text to the latest Editor's Draft of the  
Enabling Read Access for Web Resources to address comments you  
submitted on 29 August. This Draft is available at:

   <http://dev.w3.org/2006/waf/access-control/>

Regards, AB

Begin forwarded message:

> Resent-From: public-appformats@w3.org
> From: "ext Anne van Kesteren" <annevk@opera.com>
> Date: September 20, 2007 9:40:08 AM EDT
> To: "WAF WG (public)" <public-appformats@w3.org>
> Subject: Re: ISSUE-16 (ArtB): AC: Add some rationale to the  
> Introduction [Access Control]
>
>
> On Tue, 04 Sep 2007 15:39:24 +0200, Web Application Formats Working  
> Group Issue Tracker <sysbot+tracker@w3.org> wrote:
>> ISSUE-16 (ArtB): AC: Add some rationale to the Introduction  
>> [Access Control]
>>
>> http://www.w3.org/2005/06/tracker/waf/issues/
>>
>> Raised by: Arthur Barstow
>> On product: Access Control
>>
>> Raised by: TAG (via Stuart Williams)
>> See: http://lists.w3.org/Archives/Public/public-appformats/2007Aug/ 
>> 0025.html
>
> I've added some rationale to the introduction. But I haven't yet  
> indicated how an implementation could potentially become less  
> secure. I suppose we could point out that naive implementations  
> (and specifications defining how to interact with this spec) will  
> do all kinds of information leakage such as port scanning because  
> progress events are dispatched etc. and that people should be  
> cautious with that. Hmm.
>
>
> -- 
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>
>

Received on Monday, 24 September 2007 11:15:28 UTC