Re: ISSUE 19: Requirements and Usage Scenarios document

How does the WAF WG want to receive feedback on the use cases and
requirements document? Via adhoc emails on this list?

One thing that strikes me immediately is that there are requirements about
XSS (cross-site scripting) but no mention of CSRF, which is one of the
concern areas from the folks at OpenAjax Alliance, primarliy due to the
current specification saying that cookies will be sent.


             "David Orchard"                                               
             >                                                          To 
             Sent by:                  "WAF WG (public)"                   
             public-appformats         <>          
             01/08/2008 04:04          ISSUE 19: Requirements and Usage    
             PM                        Scenarios document                  

Art suggested that I could do a bit of spec grunt work on requirements
document so I put some pen to paper.  I've made a stab at creating a
requirements/usage scenarios document based upon Ian's requirements.  I've
checked it into the waf access-control cvs dir, but I don't think I have
permissions to make the files world readable.  Hence, I've sent to
www-archive at
The HTML is at

I hope this helps the working group and I'm glad to continue or not
continue work on the document as the WG sees fit.


Received on Wednesday, 9 January 2008 02:42:10 UTC