- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 12 May 2010 13:13:15 -0700
- To: Devdatta <dev.akhawe@gmail.com>
- Cc: Tyler Close <tyler.close@gmail.com>, Ian Hickson <ian@hixie.ch>, Arthur Barstow <Art.Barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>
On Wed, May 12, 2010 at 12:38 PM, Devdatta <dev.akhawe@gmail.com> wrote: > While most of the discussion in this thread is just repeats of > previous discussions, I think Tyler makes a good (and new) point in > that the current CORS draft still has no mention of the possible > security problems that Tyler talks about. The current draft's security > section > > http://dev.w3.org/2006/waf/access-control/#security > > is ridiculous considering the amount of discussion that has taken > place on this issue on this mailing list. > > Before going to rec, I believe Anne needs to substantially improve > this section - based on stuff from maybe Maciej's presentation - which > I found really informative. He could also cite UMP as a possible > option for those worried about security. I agree that the security section in CORS needs to be improved. As for the "should CORS exist" discussion, I'll bow out of those until we're starting to move towards officially adopting a WG decision one way or another, or genuinely new information is provided which would affect such a decision (for the record, I don't think I've seen any new information provided since last fall's TPAC). / Jonas
Received on Wednesday, 12 May 2010 20:14:07 UTC