[access-control] Editorial comments on Requirements Appendix v1.137

Below are some editorial comments on the Requirements appendix (v1.137).

Regards, Art Barstow

1. The intro could be simplified by using something like:

[[
Requirements (non-normative)

The requirements for this specification are:
]]

2. Req #1 - change to:

[[
1. Security requirements

  * Must not introduce new attack vectors.

  * Must not introduce attack vectors to servers that are protected  
only by a firewall.

    Some servers authenticate solely by relying on the fact that the  
user can connect to the server.

    Although anyone can issue an arbitrarily formatted request to a  
server on the internet, this is not true for servers on intranets  
behind firewalls. The only requests that can be issued to such  
servers today are ones that browsers send out. This includes GET  
requests (from a multitude of features in HTML, such as the HTML img  
element) and POST requests from the HTML form element.

  * It should not be possible to issue cross-site POST requests  
containing XML data.

    This is because some deployed SOAP servers communicate using XML  
sent over POST requests and could perform potentially dangerous attacks.

  * Should try to prevent dictionary-based, distributed, brute-force  
attacks that try to get login accounts to 3rd party servers, to the  
extent possible.

  * Should properly enforce security policy in the face of commonly  
deployed proxy servers sitting between the user agent and any of  
servers with whom the user agent is communicating.

  * Should not allow loading and exposing of resources from 3rd party  
servers without explicit consent of these servers as such resources  
can contain sensitive information.
]]

3. Req #4 - change to:

[[
Must be able to easily deploy support for cross-site GET requests.  
Additionally, should not have to use server-side scripting (such as  
PHP, ASP, or CGI) in a typical server configuration.
]]

4. Req #5 - change to:

[[
It should be possible to put the resource, that is made available  
cross-site, in its normal format on the server. It should also be  
possible to use normal development tools to interact with the  
resource directly on the server. That is, it should not be necessary  
to repackage or reformat the resource just to make it possible to  
load from other servers.
]]

5. Req #5 - I don't understand the last sentence in this context (for  
example what is "this"):

[[
This equally applies to sending a resource as part of the request  
entity body.
]]

6. Req #7 - change to:

[[
It should be possible to distribute content of any type.
]]

7. Req #7 - I don't understand the last sentence in this context:

[[
This applies equally to the request and response entity body.
]]

8. Req #9 a) change "wrongly" to "incorrectly"; b) change "whole" to  
"the entire"

9. Req #10 - the second sentence uses the word "example" three times  
and hence is a bit hard to understand. Perhaps something like the  
following would be clearer:

[[
For instance, the following examples should be possible to use for  
resources residing on ...
]]

Received on Wednesday, 23 January 2008 15:19:10 UTC
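The security requirements quoted above rest on one observation: before any cross-site access mechanism, the only requests a browser would issue to an intranet server were GETs (from img and similar elements) and POSTs from an HTML form, which can only carry the form enctypes. The classifier below is an added illustration, not text from the message above or from the Access-Control specification; it sorts constructed sample requests into those a legacy browser could already send and those that would be a new vector, such as a cross-site POST carrying XML to a SOAP endpoint. The request type, the category names and the set of XML media types are assumptions made for the example.

```python
# Added example (not from the mailing-list message or the Access-Control spec).
# Classifies a request by whether an HTML img element or form could already
# have produced it cross-site, versus a request that needs a new mechanism.
from dataclasses import dataclass, field
from typing import Dict

# The three enctype values an HTML form element can produce.
FORM_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}

# Media types a SOAP/XML endpoint typically expects (assumed set for the example).
XML_CONTENT_TYPES = {"text/xml", "application/xml", "application/soap+xml"}


@dataclass
class Request:
    """Minimal request model for the example (hypothetical, not a real HTTP library)."""
    method: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def media_type(req: Request) -> str:
    """Return the Content-Type media type, lower-cased, without parameters."""
    for name, value in req.headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""


def could_legacy_browser_send(req: Request) -> bool:
    """True if an img-style GET or an HTML form POST could already issue this request."""
    method = req.method.upper()
    if method == "GET":
        return True
    if method == "POST" and media_type(req) in FORM_CONTENT_TYPES:
        return True
    return False


def classify(req: Request) -> str:
    """'legacy'  : browsers could already send this cross-site (no new vector)
    'xml-post': cross-site POST with an XML body (the SOAP concern above)
    'new'     : any other method or content type a form cannot produce"""
    if could_legacy_browser_send(req):
        return "legacy"
    if req.method.upper() == "POST" and media_type(req) in XML_CONTENT_TYPES:
        return "xml-post"
    return "new"


def body_looks_like_xml(req: Request) -> bool:
    """Caveat check: a form with enctype text/plain can carry an XML-shaped body
    even though its Content-Type is not XML. A server that ignores Content-Type
    and parses the body as XML is reachable by a legacy form after all."""
    return req.body.lstrip().startswith(b"<")


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "img_get": Request("GET", {"Host": "intranet.example"}),
    "form_post": Request(
        "POST",
        {"Content-Type": "application/x-www-form-urlencoded"},
        b"user=alice&action=delete",
    ),
    "soap_post": Request(
        "POST",
        {"Content-Type": "text/xml; charset=utf-8", "SOAPAction": "\"Delete\""},
        b"<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"/>",
    ),
    "json_post": Request("POST", {"Content-Type": "application/json"}, b"{}"),
    "put_req": Request("PUT", {"Content-Type": "text/plain"}, b"x"),
    "plain_xml_form": Request("POST", {"Content-Type": "text/plain"}, b"<a>1</a>"),
}


def classify_samples() -> Dict[str, str]:
    """Classify every sample; used by the stand-alone run below."""
    return {name: classify(req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        flag = " (xml-shaped body)" if body_looks_like_xml(SAMPLES[name]) else ""
        print(f"{name:15s} -> {verdict}{flag}")
```

The "legacy" verdicts mark traffic that a firewall-only server was already exposed to through any web page its users visit; only the other two categories would be new exposure introduced by a cross-site mechanism, which is what the quoted requirements aim to prevent. The text/plain case shows why "legacy" is not the same as "harmless": an endpoint that does not check Content-Type can still be hit with XML from a plain form.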