W3C home > Mailing lists > Public > public-appformats@w3.org > January 2008

ACTION-158: Input for requirement 1.1

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 30 Jan 2008 22:40:13 +0100
To: public-appformats@w3.org
Message-ID: <20080130214013.GX3549@iCoaster.does-not-exist.org>

Here's a suggestion:

  The solution should not introduce additional attack vectors
  against services that are protected only by way of firewalls. This
  requirement ddresses "intranet" style services authorize any
  requests that can be sent to the service.

  Note that this requirement does not preclude HEAD, OPTIONS, or GET
  requests (even with ambient authentication and session
  information).

I would suggest to refrain from any further discussion of what is or
is not possible.

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Wednesday, 30 January 2008 21:40:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:21 UTC