- From: Arthur Barstow <Art.Barstow@nokia.com>
- Date: Thu, 13 May 2010 09:39:21 -0400
- To: ext Jonas Sicking <jonas@sicking.cc>
- Cc: public-webapps <public-webapps@w3.org>, Anne van Kesteren <annevk@opera.com>, Tyler Close <tyler.close@gmail.com>
On May 12, 2010, at 2:42 PM, ext Jonas Sicking wrote: > If so, I'd really like to see the chairs move forward with making the > WG make some sort of formal decision on weather CORS should be > published or not. Repeating the same discussion over and over is not > good use your time or mine. There is sufficient interest in CORS such that we should continue to work on it. As such, I don't think any type of "formal decision" re publication is needed. Although this and other recent and related threads have indeed re- hashed some previous discussions, among some of the suggestions made are: * CORS' security considerations section needs improvements http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0625.html http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0630.html * Need security analysis e.g. with multi-party deployments; "test the security properties of CORS" (e.g. versus UMP) http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0645.html * Need usage informatin for the app developer and server admin; when is CORS safe to use; which is easier to use; guidelines for not "falling prey to attacks with CORS" http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0543.html http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0646.html http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0648.html * CORS needs text about Confused Deputy http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0612.html http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0648.html Is anyone willing to contribute to the above? -Art Barstow
Received on Thursday, 13 May 2010 13:40:43 UTC