- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 27 Mar 2009 09:21:12 -0700
- To: Thomas Roessler <tlr@w3.org>
- Cc: Sam Ruby <rubys@intertwingly.net>, Dan Connolly <connolly@w3.org>, public-ietf-w3c <public-ietf-w3c@w3.org>
My recollection is that for Origin, the next step is for me to forward links to the previous discussion on the HTTP list to folks from HTML5, because although Adam participated in that discussion, apparently a number of folks were surprised to hear of the conclusion that was reached. Regarding CORS, I think the next step is for me to pass on a reference and solicit review in various parts of the IETF. There's also a question of whether a next-generation CORS is interesting/necessary (given that, AIUI, any substantial feedback is likely not to make it in, given how advanced the implementations apparently are). On 27/03/2009, at 9:08 AM, Thomas Roessler wrote: >>>> From the notes, I can't quite tell whether Origin and CORS got >>>> discussed together or separately. That doesn't really match >>>> reality, as there's (at least in the view of some) >>> "Discussing them separately ignores an important motivation for >>> Origin" is what I mean -- sorry for the unclear words. >> >> They were discussed separately. As you point out, that may have >> been unfortunate. I was unaware of the connection between the two. > > That's what I feared. Mark, any ideas on how to manage next steps > in that discussion? (I'd hope we can avoid the "cross site request > forgery is not a security hole" rathole this time...) -- Mark Nottingham http://www.mnot.net/
Received on Friday, 27 March 2009 16:21:52 UTC