- From: Arthur Barstow <Art.Barstow@nokia.com>
- Date: Fri, 23 Oct 2009 09:13:12 -0400
- To: public-webapps <public-webapps@w3.org>, Anne van Kesteren <annevk@opera.com>, "Mark S. Miller" <erights@google.com>
- Cc: Henry Thompson <ht@inf.ed.ac.uk>
Below is an email from Henry Thompson re CORS that I am forwarding with HT's permission. -Regards, Art Barstow Begin forwarded message: > From: "ext Henry S. Thompson" <ht@inf.ed.ac.uk> > Date: October 22, 2009 2:18:55 PM EDT > To: "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com> > Subject: CORS still not getting to closure > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just replied [1] to a message from Anne agreeing that, with > respect to one of the threads that arose from your original forwarding > of the TAG concerns about CORS [2], namely the importance of server- > vs. client-side implementation, an issue can be closed. > > However, [2] raised _two_ concerns, and the second > > there is a real possibility either that the new functionality > provided would, on the one hand, be insufficiently secure while, on > the other, discouraging the provision of something more > satisfactory. > > The most recent thread in the archives dealing with this was started > by Mark Miller [3]. It does not seem to me that his concern, which > is stated quite clearly: > > The core criticism that several of us have raised about CORS has > never been addressed -- that it creates further confused deputy > problems. > > is reflected as an official issue in your issues list, or that it has > in fact been resolved (i.e. that the WG has reached consensus on how > to respond to it). I'm asking you as Chair to please ensure that this > gets into your process formally before you get to Last Call. > > Thanks, > > ht > > [1] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/ > 0304.html > [2] http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/ > 1215.html > [3] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/ > 0102.html > - -- > Henry S. Thompson, School of Informatics, University of > Edinburgh > Half-time member of W3C Team > 10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 > 650-4440 > Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk > URL: http://www.ltg.ed.ac.uk/~ht/ > [mail really from me _always_ has this .sig -- mail without it is > forged spam] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.6 (GNU/Linux) > > iD8DBQFK4KIPkjnJixAXWBoRAmvGAJ0ZE58mX7ICKMQTZh0QZYePf5MhNwCfWiJd > kyfdoIKF73HkTxyBhUn2Tws= > =B4YF > -----END PGP SIGNATURE-----
Received on Friday, 23 October 2009 13:14:19 UTC