- From: Charles McCathieNevile <chaals@opera.com>
- Date: Sat, 13 May 2006 19:05:53 -0400
- To: public-wai-ert@w3.org
On Sat, 13 May 2006 15:45:53 -0400, Charles McCathieNevile <chaals@opera.com> wrote: > I recently looked at this for the access-control task force of the Web > Application Formats group. Their use case is slightly different, since > they are esentially lookinjg for something that can be stored in an > attribute value, and they have existing implmentation and backwards > compatibility to consider, restrictions we don't have to live with. Current implementations of the "access-control" PI [0] are based on IP numbers, or domain names, allowing for wild cards. There are alternatives, such as the rules for the scope attribute of P3P's HINT element [1]. Although those are similar, they allow a greater graularity, providing for scheme (e.g. file:, http: etc) and port number constraints, as follows: [quote cite=http://www.w3.org/TR/P3P/#hints] ... the host part of the authority MAY begin with a wildcard, as defined in Section 2.3.2.1.2. The scope attribute MUST NOT contain a wildcard in any other position, MUST be encoded according to the conventions in Section 2.3.2.1.2, and MUST NOT contain a path, query or fragment URI component. Additionally, if the authority is a server, it SHOULD NOT contain a userinfo part. For example, legal values for scope include: http://www.example.com http://www.example.com:81 http://*.example.com ftp://ftp.example.org The following are illegal values for the scope attribute: http://www.*.com ; the wildcard can only be at the start http://www.example.com/ ; the trailing slash is not allowed www.example.com ; the scheme must be stated *://www.example.com ; the scheme cannot contain a wildcard http://www.example.com:*; the port cannot contain a wildcard The path attribute is used to locate the policy reference file on the hinted site. It is a relative URI whose base is the URI scheme and authority matched in the scope attribute. The path attribute MUST NOT be an absolute URI, so that the policy reference file is always retrieved from the same site that it is applied to. [/quote] (Section 2.3.2.1.2 requires that any literal '*' character in the URI is encoded as %2A (i.e. uri-escaped), so that any '*' character encountered in a URI specification is processed as a wildcard.) [0] http://www.w3.org/TR/access-control/ [1] http://www.w3.org/TR/P3P/#hints cheers Chaals -- Charles McCathieNevile chaals@opera.com hablo español - je parle français - jeg lærer norsk Peek into the kitchen: http://snapshot.opera.com/
Received on Saturday, 13 May 2006 23:06:07 UTC