CORS suggestions [Was: Re: UMP / CORS: Implementor Interest]

On May 12, 2010, at 2:42 PM, ext Jonas Sicking wrote:

> If so, I'd really like to see the chairs move forward with making the
> WG make some sort of formal decision on weather CORS should be
> published or not. Repeating the same discussion over and over is not
> good use your time or mine.

There is sufficient interest in CORS such that we should continue to  
work on it. As such, I don't think any type of "formal decision" re  
publication is needed.

Although this and other recent and related threads have indeed re- 
hashed some previous discussions, among some of the suggestions made  
are:

* CORS' security considerations section needs improvements

  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0625.html
  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0630.html

* Need security analysis e.g. with multi-party deployments; "test the  
security properties of CORS" (e.g. versus UMP)

  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0645.html

* Need usage informatin for the app developer and server admin; when  
is CORS safe to use; which is easier to use; guidelines for not  
"falling prey to attacks with CORS"

  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0543.html
  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0646.html
  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0648.html

* CORS needs text about Confused Deputy

  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0612.html
  http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0648.html

Is anyone willing to contribute to the above?

-Art Barstow

Received on Thursday, 13 May 2010 13:40:43 UTC