[access-control] Seeking Clarification and Status of Issues #25, #26, #29, #30, #31 and #32

The following issues were created during the July 1-2 f2f meeting  
(minutes at [1], [2], respectively).

Would someone that attended that meeting please elaborate these issues?

In particular, has the Issue been addressed and thus can be proposed  
to be Closed?

-Regards, Art Barstow

[1] <http://www.w3.org/2008/07/01-wam-minutes.html>
[2] <http://www.w3.org/2008/07/02-wam-minutes.html>

* ISSUE-25 - Revocation of cached access grants

* ISSUE-26 Wildcarding is currently possible together with cookies  
which could result in exploitable servers.

* ISSUE-29 Should Access-control allow DNS binding defense?

* ISSUE-30 Should spec have wording to recognise that User Agents may  
implement further security beyond the spec?

* ISSUE-31 Allow POST without a preflight with headers in a whitelist

* ISSUE-32 Each redirect step needs to opt in to AC in order to avoid  
data leaking

Received on Thursday, 9 October 2008 18:00:21 UTC