FW: Proposal to Republish CORS as Obsolete Recommendation (Call for Review)

Our group has mentioned CORS many times in our discussions of origins and manifests. It's worth noting that it is being formally obsoleted.

Tzviya Siegman
Information Standards Lead
Wiley
201-748-6884
tsiegman@wiley.com 

-----Original Message-----
From: Coralie Mercier [mailto:coralie@w3.org] 
Sent: Thursday, August 31, 2017 4:36 AM
To: w3c-ac-forum@w3.org
Cc: chairs@w3.org
Subject: Proposal to Republish CORS as Obsolete Recommendation (Call for Review)

Dear Advisory Committee Representative,
Chairs,

This is a proposal to republish the following W3C Recommendation as Obsolete Recommendation:

  Cross-Origin Resource Sharing, W3C Recommendation 16 January 2014
  http://www.w3.org/TR/2014/REC-cors-20140116/


The SoTD should read:

[[
This specification is obsolete and should no longer be used as a basis for implementation.
The [Fetch Living Standard](https://fetch.spec.whatwg.org/) provides the same set of features with additional refinements to improve security, such as the [CORS safelisted request headers](https://fetch.spec.whatwg.org/#cors-safelisted-request-header). The Fetch specification also contains new features, which would not be covered by the [5 February 2004 W3C Patent Policy](https://www.w3.org/Consortium/Patent-Policy-20040205/), such as the possibility to use a [wildcard "*"](https://fetch.spec.whatwg.org/#cors-preflight-fetch-0) in CORS headers. As an historical reference, a [snapshot](https://fetch.spec.whatwg.org/commit-snapshots/f3bb21991abdd335175fcc5d26a0d0b7b380d4fe/) of the Fetch Living Standard as of 15 June 2017 is also available.
]]

Although the Fetch Living Standard continues to evolve and accordingly W3C cannot speak to the stability of the entire spec - the portions of the Fetch spec that obsolete the CORS spec are stable and have sufficient implementations on the Web - the Director supports the Working Group's request to republish the CORS Recommendation as an Obsolete Recommendation.

The approval and publication are in response to this transition request from the Web Application Security Working Group [1]:
  https://lists.w3.org/Archives/Member/chairs/2017JulSep/0089.html


There wasn't any Formal Objection within the Web Application Security Working Group.

Issues are welcome by 2017-09-28 and should be sent to <public-webappsec@w3.org>.

Please review this proposal and indicate whether your organization supports obsoleting this Recommendation or objects to this action, by completing the following questionnaire:
  https://www.w3.org/2002/09/wbs/101147/cors-obs-2017-09/


The deadline for responses is 23:59, Boston time on 2017-09-28. Additional details about the review are available in the questionnaire.

This Call for review follows section 6.9 "Obsoleting or Rescinding a W3C Recommendation" of the W3C Process Document:
  https://www.w3.org/2017/Process-20170301/#rec-rescind


Thank you,

For Tim Berners-Lee, W3C Director, and
Philippe Le Hégaret, Project Management Lead; Coralie Mercier, Head of W3C Marketing & Communications

[1] http://www.w3.org/2011/webappsec/


--
Coralie Mercier  -  W3C Marketing & Communications -  https://www.w3.org mailto:coralie@w3.org +336 4322 0001 https://www.w3.org/People/CMercier/

Received on Thursday, 31 August 2017 11:10:31 UTC