Re: CORS/UMP to become joint WebApps and WebAppSec joint deliverable

On Tue, 02 Aug 2011 14:37:31 +0200, Arthur Barstow <art.barstow@nokia.com>  
wrote:
> The From-Origin spec is WebApps'; it is _not_ a joint deliverable with  
> the proposed WebAppSec WG.

I assumed it was because of "Secure Cross-Domain Framing" and the  
significant overlap.


>> I discussed this with Thomas on IRC (not logged) and he hopes that  
>> doing this work in a new group will open up new resources to get it  
>> moving along (e.g. to get a test suite). I am fairly skeptical, but we  
>> agreed that trying it out for half a year should be okay given the low  
>> activity of this work here in WebApps. If nothing much has changed the  
>> work moves back to WebApps, which should work per charters of both  
>> groups.
>
> Did you guys agree on the "which list will CORS use going forward?"  
> question?

I was okay with trying out a new list for six months. It seems Maciej is  
not. Maciej's concern is exactly the one I had.


> I agree it can be a bit painful to subscribe to YA list but I think it  
> has the advantage of getting some "new eyes" on the spec as well as the  
> advantages mentioned above.

We'll see (or not, depending on how Maciej's concerns are addressed).


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 3 August 2011 08:22:39 UTC