Re: Proposal to Republish CORS as Obsolete Recommendation (Call for Review) from David Wood on 2017-09-01 (public-publ-wg@w3.org from September 2017)

From: David Wood <david.wood@ephox.com>
Date: Fri, 1 Sep 2017 10:48:48 +1000
To: Leonard Rosenthol <lrosenth@adobe.com>
Cc: Ivan Herman <ivan@w3.org>, Tzviya Siegman <tsiegman@wiley.com>, W3C Publishing Working Group <public-publ-wg@w3.org>
Message-ID: <CABdBTrYYq2hCiR8YobroQ1QAUdYbZjG2COb=8joi64u5PuJnPw@mail.gmail.com>
Hi all,

I have a different concern. It seems to me that ceding key specs (HTML,
URL, CORS...) to the WHAT WG removes one of the key advantages of the W3C;
the Patent Policy.

It is difficult for me not to view the movement of these specs from a
consensus group to a group with explicit commercial interests as
threatening to the Open Web Platform.

Of course, I seem to be taking a rather misanthropic approach to W3C
Management this year. Maybe it is them and maybe it is me :/

Regards,
Dave

On 1 September 2017 at 07:29, Leonard Rosenthol <lrosenth@adobe.com> wrote:

> Yeah, those are my two concerns with this direction as well, Ivan…
>
> On 8/31/17, 7:20 AM, "Ivan Herman" <ivan@w3.org> wrote:
>
>     Yep, although the concept is not gone. The WhatWG Fetch spec includes
> the same features as CORS[1] (as far as I know), so it is more that it is
> superseded. However, the Fetch spec is not a W3C spec, so, formally,
> superseded is not the right term…
>
>     Fetch is, of course:-), an extremely-difficult-to-read spec. Anybody
> knows of a good tutorial like text that we could use?
>
>     Ivan
>
>     [1] https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Ffetch.spec.whatwg.org%2F%23http-cors-
> protocol&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> Od79aZ9WBFJmBCX%2B1ED25N2Oa9X5VFTvBU3PbsrWrSY%3D&reserved=0
>
>
>
>     > On 31 Aug 2017, at 13:10, Siegman, Tzviya - Hoboken <
> tsiegman@wiley.com> wrote:
>     >
>     > Our group has mentioned CORS many times in our discussions of
> origins and manifests. It's worth noting that it is being formally
> obsoleted.
>     >
>     > Tzviya Siegman
>     > Information Standards Lead
>     > Wiley
>     > 201-748-6884
>     > tsiegman@wiley.com
>     >
>     > -----Original Message-----
>     > From: Coralie Mercier [mailto:coralie@w3.org]
>     > Sent: Thursday, August 31, 2017 4:36 AM
>     > To: w3c-ac-forum@w3.org
>     > Cc: chairs@w3.org
>     > Subject: Proposal to Republish CORS as Obsolete Recommendation (Call
> for Review)
>     >
>     > Dear Advisory Committee Representative,
>     > Chairs,
>     >
>     > This is a proposal to republish the following W3C Recommendation as
> Obsolete Recommendation:
>     >
>     >  Cross-Origin Resource Sharing, W3C Recommendation 16 January 2014
>     >  https://na01.safelinks.protection.outlook.com/?url=
> http%3A%2F%2Fwww.w3.org%2FTR%2F2014%2FREC-cors-20140116%2F&
> data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> GF8iZLUdT1tnBAbkl3TkftbO7jJikxYpO1KVSVENlvA%3D&reserved=0
>     >
>     > The SoTD should read:
>     >
>     > [[
>     > This specification is obsolete and should no longer be used as a
> basis for implementation.
>     > The [Fetch Living Standard](https://na01.
> safelinks.protection.outlook.com/?url=https%3A%2F%2Ffetch.
> spec.whatwg.org%2F&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> jtrKxtefDkFtGlNt2AWPWtWuLroAT5cPyhqruJxpdEg%3D&reserved=0) provides the
> same set of features with additional refinements to improve security, such
> as the [CORS safelisted request headers](https://na01.
> safelinks.protection.outlook.com/?url=https%3A%2F%2Ffetch.
> spec.whatwg.org%2F%23cors-safelisted-request-header&data=02%7C01%7C%
> 7C74a023b7d2a840e5011a08d4f0623fe8%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C636397752155644684&sdata=E%2Fy06HuZiukNnvq8NfyVpggu6Fo7kb
> JB%2FPGEQb8R6%2Bg%3D&reserved=0). The Fetch specification also contains
> new features, which would not be covered by the [5 February 2004 W3C Patent
> Policy](https://na01.safelinks.protection.outlook.
> com/?url=https%3A%2F%2Fwww.w3.org%2FConsortium%2FPatent-
> Policy-20040205%2F&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> wc2%2B1eDkXEr4KsKnGRrB%2B2xr4%2FhKfPpX4SyP6DV73pk%3D&reserved=0), such as
> the possibility to use a [wildcard "*"](https://na01.safelinks.
> protection.outlook.com/?url=https%3A%2F%2Ffetch.spec.whatwg.org%2F%23cors-
> preflight-fetch-0&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> C3OBbuXbpYO3dKkrqKOorhTc82G7fFRTwgrzdjFW68Y%3D&reserved=0) in CORS
> headers. As an historical reference, a [snapshot](https://na01.
> safelinks.protection.outlook.com/?url=https%3A%2F%2Ffetch.
> spec.whatwg.org%2Fcommit-snapshots%2Ff3bb21991abdd335175fcc5d26a0
> d0b7b380d4fe%2F&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> TXi1T8nI03tuNNhVQbFmG0G6%2FQNR5RMpESaiZLOpgIA%3D&reserved=0) of the Fetch
> Living Standard as of 15 June 2017 is also available.
>     > ]]
>     >
>     > Although the Fetch Living Standard continues to evolve and
> accordingly W3C cannot speak to the stability of the entire spec - the
> portions of the Fetch spec that obsolete the CORS spec are stable and have
> sufficient implementations on the Web - the Director supports the Working
> Group's request to republish the CORS Recommendation as an Obsolete
> Recommendation.
>     >
>     > The approval and publication are in response to this transition
> request from the Web Application Security Working Group [1]:
>     >  https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Flists.w3.org%2FArchives%2FMember%2Fchairs%
> 2F2017JulSep%2F0089.html&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f062
> 3fe8%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%
> 7C636397752155644684&sdata=9xTzHWPu5Mm%2Bqv7h%2FJDMrpQPhqoen%
> 2FWRqDqH9pftQgw%3D&reserved=0
>     >
>     > There wasn't any Formal Objection within the Web Application
> Security Working Group.
>     >
>     > Issues are welcome by 2017-09-28 and should be sent to <
> public-webappsec@w3.org>.
>     >
>     > Please review this proposal and indicate whether your organization
> supports obsoleting this Recommendation or objects to this action, by
> completing the following questionnaire:
>     >  https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.w3.org%2F2002%2F09%2Fwbs%2F101147%
> 2Fcors-obs-2017-09%2F&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> uxBsm8rN%2FpDcsCwhwd9doZnEOsN9tjXH3oqCgc%2BIdfU%3D&reserved=0
>     >
>     > The deadline for responses is 23:59, Boston time on 2017-09-28.
> Additional details about the review are available in the questionnaire.
>     >
>     > This Call for review follows section 6.9 "Obsoleting or Rescinding a
> W3C Recommendation" of the W3C Process Document:
>     >  https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.w3.org%2F2017%2FProcess-20170301%2F%
> 23rec-rescind&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f0623fe8%
> 7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636397752155644684&sdata=
> ovI2aiUoBWiGMysuTedNSU7PNm%2F5lPv4sIrfs87RMpE%3D&reserved=0
>     >
>     > Thank you,
>     >
>     > For Tim Berners-Lee, W3C Director, and
>     > Philippe Le Hégaret, Project Management Lead; Coralie Mercier, Head
> of W3C Marketing & Communications
>     >
>     > [1] https://na01.safelinks.protection.outlook.com/?url=
> http%3A%2F%2Fwww.w3.org%2F2011%2Fwebappsec%2F&data=02%7C01%7C%
> 7C74a023b7d2a840e5011a08d4f0623fe8%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C636397752155644684&sdata=p87NBNXKwxEfSztkz2k3JucAyF7C7k
> 8X88APYWLd9Bs%3D&reserved=0
>     >
>     > --
>     > Coralie Mercier  -  W3C Marketing & Communications -
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.w3.org&data=02%7C01%7C%7C74a023b7d2a840e5011a08d4f062
> 3fe8%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%
> 7C636397752155644684&sdata=W8jM3pONCqiXDlJrbwuFXmN1dtiTNS
> Jd2b7WjbEoLZI%3D&reserved=0 mailto:coralie@w3.org +336 4322 0001
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.w3.org%2FPeople%2FCMercier%2F&data=02%7C01%7C%
> 7C74a023b7d2a840e5011a08d4f0623fe8%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C636397752155644684&sdata=57nT55ERVtzi89z3CDmsq1cUmudidG
> YZWhHU0lKNYz4%3D&reserved=0
>     >
>     >
>     >
>     >
>     >
>
>
>     ----
>     Ivan Herman, W3C
>     Publishing@W3C Technical Lead
>     Home: https://na01.safelinks.protection.outlook.com/?url=
> http%3A%2F%2Fwww.w3.org%2FPeople%2FIvan%2F&data=02%7C01%7C%
> 7C74a023b7d2a840e5011a08d4f0623fe8%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C636397752155644684&sdata=na7mATfltYvMYuFh7KOPW0guNRmMoM
> LxitkPnqfLOOs%3D&reserved=0
>     mobile: +31-641044153
>     ORCID ID: https://na01.safelinks.protection.outlook.com/?url=
> http%3A%2F%2Forcid.org%2F0000-0003-0782-2704&data=02%7C01%7C%
> 7C74a023b7d2a840e5011a08d4f0623fe8%7Cfa7b1b5a7b34438794aed2c178de
> cee1%7C0%7C0%7C636397752155644684&sdata=3Bx%2BjULd4iAUDxqp74LIqk4jntWAVRlS
> sGTkOiFHTio%3D&reserved=0
>
>
>
>
>
Received on Friday, 1 September 2017 00:49:12 UTC