- From: Klotz, Leigh <Leigh.Klotz@xerox.com>
- Date: Thu, 7 Feb 2008 09:28:55 -0800
- To: "Jonas Sicking" <jonas@sicking.cc>
- Cc: "Anne van Kesteren" <annevk@opera.com>, <public-appformats@w3.org>, "Forms WG" <public-forms@w3.org>
Great! Thank you for confirming the assumptions I've made. I'm pleased to see you're considering implementation in the Mozilla Firefox user agent. Once that's underway, would you be willing to help write the guidelines on the basis of that work? I'll work with the Forms WG to find the right publication avenue (W3C Note, one of our recommendation-track documents, etc.) Leigh. -----Original Message----- From: Jonas Sicking [mailto:jonas@sicking.cc] Sent: Wednesday, February 06, 2008 6:20 PM To: Klotz, Leigh Cc: Anne van Kesteren; public-appformats@w3.org; Forms WG Subject: Re: [access-control] Forms WG comments on Access Control WD Klotz, Leigh wrote: > Anne, > > We discussed this issue today at the Forms WG F2F meeting, and decided that we would abstain from any comment on the access-control protocol per se; however, we remain interested in enabling the implementation of access-control in XForms user agents. > > While it appears that it would be possible to express the current WD protocol operations (resource GET, header tests, etc.) directly as XForms markup, it would seem to be pointless, as the its raison d'être is user agent enforcement, not optional compliance by authored markup. Yes, I think it would in fact only be confusing if XForms markup was used to "implement" the spec as it might only lead to a false sense of security. > Therefore, we believe that recommendations to XForms user agent authors are in order. (We note that the fact that XForms cross-site access is supported by some implementations was discussed at the 2007/11/05 WAF meeting [1].) Absolutely. It should be fairly easy to integrate the access-control implementation in firefox into the firefox XForms extension. > As noted in Requirement 10 of your current WD, it's likely that no changes to markup XForms markup will be required. However, the XForms WG or WAF (or both) may choose to issue a note offering guidance to user agent implementers. Yup, that was the exact intent. The XForms markup should simply be able to point to a different server as target uri. Best Regards, Jonas Sicking
Received on Thursday, 7 February 2008 17:29:52 UTC