Re: corscheck

On Tue, Nov 9, 2010 at 10:17 AM, Michael Hausenblas
<michael.hausenblas@deri.org> wrote:
>
>> Thanks for pointing us at
>> http://river.styx.org/ww/2010/10/corscheck
>> - it's very interesting.
>
> You're welcome ;)
>
>> CORS hasn't even gone to last call yet, so I hope people aren't
>> getting too accustomed to it in its draft form. Might be better for
>> people to wait until CR.
>
> True. Nevertheless we're trying to establish it (at least) for Linked Data,
> see http://enable-cors.org/ ...

Blah. The Web has a long history of premature adoption meaning that
specs (or undocumented designs) end up getting no expert review - and
this one in particular has not had adequate security review. If there
are any W3C members involved in promoting production deployment of a
working draft, they ought to be ... um ... sorry, can't figure out a
polite way to end that sentence. I'm going to pretend I didn't read
the personnel list at the bottom.

According to the process document, CR means: "W3C believes the
technical report is stable and appropriate for implementation." By
implicature, one might say that for a pre-CR draft, especially a
pre-LC draft, "W3C believes the technical report is NOT stable and
appropriate for implementation."

At the very least I urge the authors of the enable-cors.org page to
include a disclaimer to the effect that CORS is not stable or
appropriate for implementation, and has not received expert review.
Then at least any potential adopter will be fully informed. Maybe one
of them is reading this message?

I wonder if UMP, which is much simpler than full CORS and more
obviously safe, could be pushed to CR quickly? That's all you need for
linked data, anyhow.

Jonathan

Received on Tuesday, 9 November 2010 20:44:52 UTC