Re: ISSUE-10 (client-server): Client and Server model [Access Control]

On Mon, Jun 23, 2008 at 2:35 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> What I have seen suggestions for though is a simpler policy language that
> doesn't send a full white-list to the client, but rather just a yes/no
> decision to the client.

If we go this route, we should be careful about caching of HTTP
responses, especially for GET requests.  We don't want clients to use
cached "yes" responses without consulting the server.

Adam

Received on Monday, 23 June 2008 21:48:13 UTC