- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 23 Sep 2009 18:48:04 +0200
- To: "Anne van Kesteren" <annevk@opera.com>, Charles McCathieNevile <chaals@opera.com>
- Cc: "Arthur Barstow" <art.barstow@nokia.com>, "public-webapps" <public-webapps@w3.org>
- Message-Id: <200909231848.04788.rigo@w3.org>
Hi Art, Anne,

looks like the focus of the CORS specification is on very simple access control that would just express that site A allows access to content if the javascript stuff calls it from a thing found on site B.

The workshop deals with conditions (policy) under which a certain resource can be accessed. The conditions include the availability of credentials that include crypto credentials. It will also deal with the question on how to address credentials that are needed to get access. It may also address the question on how to describe the resource you are asserting conditions and access control restrictions on (e.g. clouds). Finally, it deals with privacy semantics and identity management of access control and how to assert them e.g. in XACML conditions. These are only the things I definitely know will come up.

So it depends on whether Anne or other Members from the Webapps group see benefit in finding out and contributing to more advanced access control issues. It may be nice for those wanting more power in cross site access control, to want to find out how to use more advanced languages together with CORS. That may be a very useful contribution from folks in webapps.

Best,

Rigo

On Wednesday 23 September 2009, Anne van Kesteren wrote:
> On Wed, 23 Sep 2009 02:18:02 +0200, Arthur Barstow
> <art.barstow@nokia.com> wrote:
> > Given WebApps' CORS spec, this Workshop (November 17-18 in
> > Luxembourg) may be of interest to you:
> >
> > http://www.w3.org/2009/policy-ws/cfp.html
>
> Thanks Art. I looked into this and couldn't really figure out how
> CORS relates. And if I just misunderstood it, does that mean I
> should submit a position paper on CORS? The scope seems quite
> broad so I guess it might fit in somehow, but then we already
> have a WG that handles it...
>
> It also sounds like it has overlap with the IETF activity on
> OAuth.
>
> (Personally I get quite lost in the sea of terminology used on
> that page :-))

Received on Wednesday, 23 September 2009 16:48:43 UTC