- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 29 Mar 2012 13:51:20 +0200
- To: Adam Barth <w3c@adambarth.com>
- CC: public-web-security@w3.org
On 2011-02-01 19:59, Adam Barth wrote: > We've been talking a lot about policy semantics, but we haven't talked > much about syntax. It seems like the two main things we'd like to get > out of the syntax are: > > 1) Compactness. Policies should be short. > 2) Legibility. It should be easy for humans to read and author policies. > 3) Extensibility. We'd like a flexible syntax that we can extend for > many years to come. > > The current syntax seems to be something like the following: > > policy = directive *( ";" directive ) > directive = *LWS directive-name 1*LWS directive-value > directive-name =<CHAR, except LWS and ";"> > directive-value =<CHAR, except ";"> > > Is that right? > ... Please have a look at <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-19.html#considerations.for.creating.header.fields>. In particular: - if you do want multiple header field instances, use HTTP list syntax, thus "," as separator - if you don't then disallow "," in field content so you can detect when somebody else *has* combined headers It might be appealing to re-use the syntax of an existing header, such as "Expect": <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-19.html#header.expect> Best regards, Julian
Received on Thursday, 29 March 2012 11:51:58 UTC