W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

Re: P3P - Feedback on Access Control

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 25 Jan 2008 23:59:27 +0100
To: "Close, Tyler J." <tyler.close@hp.com>
Cc: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t5ictdvu64w2qv@annevk-t60.oslo.opera.com>

On Fri, 25 Jan 2008 23:31:44 +0100, Close, Tyler J. <tyler.close@hp.com>  
> Why is this situtation "very unusual"? It may be common. Say I've got a  
> secure mashup application that manages an ATOM store. Since it's secure,  
> the browser cache may be emptied after every visit, so the check  
> requests will have to be repeated on each use.

What is the scenario where you delete/create/modify a lot of different  
resources in an Atom store at once?

I agree that distinct URIs makes sense, but I can't really imagine a  
scenario where this will be a problem. And given that all existing  
policies support per-resource and doing it per-resource is the most secure  
(in case one forgotton application is not yet updated or so) I rather  
stick with the current design.

Anne van Kesteren
Received on Friday, 25 January 2008 22:56:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC