- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Fri, 16 Nov 2012 08:17:44 -0500
- To: "ext Hill, Brad" <bhill@paypal-inc.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>, "WebApps WG (public-webapps@w3.org)" <public-webapps@w3.org>, "Anne van Kesteren (annevk@annevk.nl)" <annevk@annevk.nl>, "public-web-security@w3.org" <public-web-security@w3.org>, "websec@ietf.org" <websec@ietf.org>
On 11/15/12 5:31 PM, ext Hill, Brad wrote:
>
> I have placed a draft for review at:
>
> http://www.w3.org/2011/webappsec/cors-draft/
>
> And this is a Call for Consensus among the WebAppSec and WebApps WGs
> to take this particular text (with necessary additions to the Status
> of this Document section if approved) forward to Candidate Recommendation.
>
I support this CfC although I am wondering about the CR exit criteria.
Do you expect to re-use the CSP1.0 criteria:
[[
The entrance criteria for this document to enter the Proposed
Recommendation stage is to have a minimum of two independent and
interoperable user agents that implementation all the features of this
specification, which will be determined by passing the user agent tests
defined in the test suite developed by the Working Group.
]]
My preference is what WebApps has used in other CRs because I think it
is clearer that a single implementation is not required to pass every
test but that at least two implementations must pass every test. F.ex.:
<http://www.w3.org/TR/2012/CR-websockets-20120920/#crec>
-Thanks, AB
Received on Friday, 16 November 2012 13:18:32 UTC