W3C home > Mailing lists > Public > public-webapi@w3.org > February 2008

Access Control for Cross-site Requests WD Published

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 15 Feb 2008 15:37:26 +0100
To: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t6klko1t64w2qv@annevk-t60.oslo.opera.com>

Hi all,

The WAF WG published a new snapshot of the editor's draft of Access  
Control for Cross-site Requests yesterday in the W3C Technical Report  
space. It includes recent HTTP header name changes and incorporates a new  
proposal for limiting the amount of requests in case of non-GET methods to  
various different URIs which share the same origin.

In addition to those technical changes it also makes the (until now)  
implicit requirements and use cases explicit by listing them in an  
appendix and contains a short FAQ on design decisions.


We expect the next draft to go to Last Call so hereby we're soliciting  
input, once again, from the Forms WG, HTML WG, HTTP WG, TAG, Web API WG,  
and Web Security Context WG. (All on the "bcc list" so we don't get  
massive cross-list e-mailing.)

We appreciate input from anyone however, so feel free to forward or reply  
to this e-mail as you see fit.

Kind regards,

Anne van Kesteren
Received on Friday, 15 February 2008 14:33:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:59 UTC