RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]

Try this link instead: http://code.msdn.microsoft.com/xdsecuritywp


________________________________________
From: Sunava Dutta
Sent: Wednesday, June 11, 2008 8:24 PM
To: Sunava Dutta; Arthur Barstow; ext Jonas Sicking; Marc Silbey; public-webapps@w3.org
Cc: arun@mozilla.com; public-webapi@w3.org WG (public); public-appformats@w3.org; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu
Subject: RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for  Cross Site Requests]

Woo hooo, my first mail to the new webapps alias! -:)

Thanks for waiting for us to get feedback in from people across MSFT. As promised, here is the whitepaper on client side cross domain security articulating the security principles and challenges (high level and specifics ) of the current CS-XHR draft.
I've also addressed the questions members raised in the FAQ.

As Jonas and Art mention, in order to provide the opportunity for members to research and usefully discuss the contents and other issues, lets talk about our concerns among other items F2F in the first week of July.

https://mail.windows.microsoft.com/OWA/redir.aspx?C=7165bcd1f09048ac9fdcd34d2f9556b1&URL=http%3a%2f%2fcode.msdn.microsoft.com%2fxdsecuritywp%2fRelease%2fProjectReleases.aspx%3fReleaseId%3d1157

Look forward to hosting the members here in Redmond.


________________________________________
From: public-webapi-request@w3.org [public-webapi-request@w3.org] On Behalf Of Sunava Dutta [sunavad@windows.microsoft.com]
Sent: Friday, June 06, 2008 2:54 PM
To: Arthur Barstow; ext Jonas Sicking; Marc Silbey
Cc: arun@mozilla.com; public-webapi@w3.org WG (public); public-appformats@w3.org; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu
Subject: RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for  Cross Site Requests]

Art, Jonas,
Just a quick update. We've put a lot of effort into the paper and the good news is we're nearly done. It's going through a final peer-review to make sure we've received feedback from experts in the company including our security gurus. (Yes, they do exist at MSFT -:))

I'll be sending out the paper on Tuesday evening or Wednesday the latest. Thanks for waiting.

> -----Original Message-----
> From: Arthur Barstow [mailto:art.barstow@nokia.com]
> Sent: Friday, May 16, 2008 5:06 AM
> To: ext Jonas Sicking; Sunava Dutta
> Cc: arun@mozilla.com; public-webapi@w3.org WG (public); public-
> appformats@w3.org; IE8 Core AJAX SWAT Team; Eric Lawrence; Chris Wilson;
> David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu
> Subject: Seeking earlier feedback from MS [Was: IE Team's Proposal for
> Cross Site Requests]
>
> Sunava - I tend to agree with Jonas re the timing of MS' response/
> feedback.
>
> Given the f2f meeting is now about six weeks away, can you commit to
> and deliver on an earlier deadline, no later than June 6?
>
> -Regards, Art Barstow
>
>
> On May 15, 2008, at 10:39 PM, ext Jonas Sicking wrote:
>
> >
> > Sunava Dutta wrote:
> >>>  >This message is not attempting to set forth in detail all the
> >>> objections we have had; Sunava will >deliver that in a concise form.
> >>>
> >>> Can you give us a ballpark ETA on this?
> > > [Sunava Dutta] Sure, I'm compiling this as we speak. I expect
> > this to
> > > be ready and available to the Web API by mid June in the latest.
> >
> > Wow, this is really bad news that we won't get this feedback until
> > just two weeks before the face to face meeting. Especially given
> > the numerous delays in getting this feedback in the past I am very
> > worried that there will be further delays. Are you absolutely
> > certain that won't happen again?
> >
> > Even just having two weeks in order to discuss this feedback prior
> > to the meeting seems like very short on time.
> >
> > I would really encourage you to consider providing this feedback
> > more promptly. I do not wish to attend a face to face meeting
> > solely to discuss new feedback which we have not had the
> > opportunity to research and cannot usefully discuss. I also hope to
> > cover much more than microsofts feedback during the meeting.

Received on Thursday, 12 June 2008 03:37:21 UTC