- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Thu, 5 Nov 2009 09:56:49 -0800
- To: public-webapps <public-webapps@w3.org>, Henry Thompson <ht@inf.ed.ac.uk>
For those that may have missed it, during the November 2 CORS discussion, Issue-108 was created to capture the TAG's concern as articulated by Henry below: http://www.w3.org/2008/webapps/track/issues/108 -Regards, Art Barstow [1] http://www.w3.org/2009/11/02-webapps-minutes.html#item03 On Oct 23, 2009, at 6:13 AM, Barstow Art (Nokia-CIC/Boston) wrote: > Below is an email from Henry Thompson re CORS that I am forwarding > with HT's permission. > > -Regards, Art Barstow > > Begin forwarded message: > >> From: "ext Henry S. Thompson" <ht@inf.ed.ac.uk> >> Date: October 22, 2009 2:18:55 PM EDT >> To: "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com> >> Subject: CORS still not getting to closure >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just replied [1] to a message from Anne agreeing that, with >> respect to one of the threads that arose from your original >> forwarding >> of the TAG concerns about CORS [2], namely the importance of server- >> vs. client-side implementation, an issue can be closed. >> >> However, [2] raised _two_ concerns, and the second >> >> there is a real possibility either that the new functionality >> provided would, on the one hand, be insufficiently secure while, on >> the other, discouraging the provision of something more >> satisfactory. >> >> The most recent thread in the archives dealing with this was started >> by Mark Miller [3]. It does not seem to me that his concern, which >> is stated quite clearly: >> >> The core criticism that several of us have raised about CORS has >> never been addressed -- that it creates further confused deputy >> problems. >> >> is reflected as an official issue in your issues list, or that it has >> in fact been resolved (i.e. that the WG has reached consensus on how >> to respond to it). I'm asking you as Chair to please ensure that >> this >> gets into your process formally before you get to Last Call. >> >> Thanks, >> >> ht >> >> [1] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/ >> 0304.html >> [2] http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/ >> 1215.html >> [3] http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/ >> 0102.html >> - -- >> Henry S. Thompson, School of Informatics, University of >> Edinburgh >> Half-time member of W3C Team >> 10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 >> 650-4440 >> Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk >> URL: http://www.ltg.ed.ac.uk/~ht/ >> [mail really from me _always_ has this .sig -- mail without it is >> forged spam] >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.6 (GNU/Linux) >> >> iD8DBQFK4KIPkjnJixAXWBoRAmvGAJ0ZE58mX7ICKMQTZh0QZYePf5MhNwCfWiJd >> kyfdoIKF73HkTxyBhUn2Tws= >> =B4YF >> -----END PGP SIGNATURE----- > >
Received on Thursday, 5 November 2009 17:57:50 UTC