- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 06 Feb 2008 18:20:04 -0800
- To: "Klotz, Leigh" <Leigh.Klotz@xerox.com>
- CC: Anne van Kesteren <annevk@opera.com>, public-appformats@w3.org, Forms WG <public-forms@w3.org>
Klotz, Leigh wrote: > Anne, > > We discussed this issue today at the Forms WG F2F meeting, and decided that we would abstain from any comment on the access-control protocol per se; however, we remain interested in enabling the implementation of access-control in XForms user agents. > > While it appears that it would be possible to express the current WD protocol operations (resource GET, header tests, etc.) directly as XForms markup, it would seem to be pointless, as the its raison d'être is user agent enforcement, not optional compliance by authored markup. Yes, I think it would in fact only be confusing if XForms markup was used to "implement" the spec as it might only lead to a false sense of security. > Therefore, we believe that recommendations to XForms user agent authors are in order. (We note that the fact that XForms cross-site access is supported by some implementations was discussed at the 2007/11/05 WAF meeting [1].) Absolutely. It should be fairly easy to integrate the access-control implementation in firefox into the firefox XForms extension. > As noted in Requirement 10 of your current WD, it's likely that no changes to markup XForms markup will be required. However, the XForms WG or WAF (or both) may choose to issue a note offering guidance to user agent implementers. Yup, that was the exact intent. The XForms markup should simply be able to point to a different server as target uri. Best Regards, Jonas Sicking
Received on Thursday, 7 February 2008 02:22:22 UTC