- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 23 Jun 2008 14:35:24 -0700
- To: Web Applications Working Group WG <public-webapps@w3.org>
I don't think we have seen any alternative proposals for putting the policy *enforcement* on the server. It also seems very hard to me to rely on the server enforcing the policy, while still protecting legacy servers, since they currently do not perform any such enforcement. What I have seen suggestions for though is a simpler policy language that doesn't send a full white-list to the client, but rather just a yes/no decision to the client. / Jonas
Received on Monday, 23 June 2008 21:35:41 UTC