- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 12 Jan 2008 18:33:35 +0100
- To: Arthur Barstow <art.barstow@nokia.com>
- Cc: public-appformats@w3.org
Some people had asked me to extract my comments about the requirements document and put them on the public list. Here we go... Based on the minutes, but without anybody's words but mine. > TLR: requirement 3.3 - some people don't agree with this requirement > ... req 3.4 - I agree with the Ed Note; not clear what this is and > we need clarification > ... as currently written its too fuzzy > ... req 3.6 - also needs some clarification about what is meant by admin > ... req 3.7 and 3.8 - I think these should be CSRF and not XSS > ... also need to define the baseline for these reqs > ... need to understand the real protection goal and needs more > discussion > > TLR: req 3.9 - the model must be able to deal with caching as > deployed today > ... must be very careful with HTTP caching Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 12 January 2008 18:38:25 UTC