- From: Charles McCathieNevile <chaals@opera.com>
- Date: Mon, 20 Mar 2006 17:59:55 +0100
- To: "Jonas Sicking" <jonas@sicking.cc>, "Web APIs WG" <public-webapi@w3.org>
On Sat, 18 Mar 2006 03:17:55 +0100, Jonas Sicking <jonas@sicking.cc> wrote:
> I have an action to ask Hixie why the whatwg spec for XHR restricts more
> headers than our current draft.
>
> He said that the spec is basically still a work in progress and that he
> had gotten many comments on it that were not yet addressed.
>
> His recommendation is that we go ahead with the spec as is and collect
> comments on our own.
>
> The intended reason for the restrictions was simply security.

As I have said before, I have a strong preference that we do not place
restrictions on specs for security reasons. It makes sense that we have a
security issues section in a spec, noting things that are commonly done by
user agents, but I am not convinced that it makes sense to prohibit things
which have use cases in a trusted environment just so the Foo spec can be
complete and stand-alone in an untrusted environment. I hope that an
outcome of the recent W3C security workshop will be that they get a
security group together who actually describe what happens at the moment,
and how to make a decent security model for the web - that would be far
more appropriate than each group trying to work out the security issues
with their own spec...
cheers
Chaals
--
Charles McCathieNevile chaals@opera.com
hablo español - je parle français - jeg lærer norsk
Peek into the kitchen: http://snapshot.opera.com/
Received on Monday, 20 March 2006 16:59:59 UTC