- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Wed, 19 Dec 2012 16:12:36 -0800
- To: W3C Web App Security WG <public-webappsec@w3.org>, "Hill, Brad" <bhill@paypal-inc.com>
Thanks for the heads-up on this Brad, and for your editing pass on the spec. > As part of the change set detailed in the recent Call for Consensus at: > > http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0072.html > > I believe I resolved many or all of the concerns indicated in the > summary email below. > > One change that was rejected was inclusion of a diagram in the > specification, on discussion on the list that a diagram would be > appropriate in a learning resource like the Web Platform Docs but > that producing a correct and mutually agreeable one need not hold > up CORS's finalization. > > You did not object during the call for consensus, but as part of assuring > that all comments have been resolved and demonstrating CORS's readiness > for Candidate Recommendation, can you please reply to the list either > acknowledging that the edits noted at the above link satisfy the issues > described in your below email, or which, if any, you consider to > still be outstanding? I reviewed <http://www.w3.org/2011/webappsec/cors-draft/> as well as on-list discussion and note that many but not all of the items I raised were explicitly addressed or discussed. However, I do not object to the CORS spec advancing to Candidate Recommendation because the edits noted at the above link address the most substantive items. HTH =JeffH >> -----Original Message----- >> From: =JeffH [mailto:Jeff.Hodges@KingsMountain.com] >> Sent: Tuesday, June 19, 2012 4:35 PM >> To: W3C Web App Security WG >> Subject: email threads wrt comments on Cross-Origin Resource Sharing >> (CORS) >> >> Per EKR's request on the call today, here's pointers to the extant >> messages/threads concerning BHIll's and my comments on Cross-Origin >> Resource Sharing (CORS) (BHIll's origination of the security considerations >> section is down at the end under "ancient history") >> >> HTH, >> >> =JeffH >> ------ >> >> comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (JeffH) >> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0006.html >> >> [cors] hey hey (annevk) >> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0068.html >> >> RE: [cors] hey hey (hill, brad) >> (proposed incorporation of JeffH's comments) >> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0069.html >> >> >> [ Re: [cors] hey hey (annevk, JeffH -- two simply coordination messages >> elided) ] >> >> >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was: >> hey hey) (JeffH) >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0012.html >> >> >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 >> (annevk) >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0016.html >> >> >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was: >> hey >> hey) (annevk) >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0017.html >> >> >> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was: >> hey >> hey) (JeffH) >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0027.html >> >> >> >> >> -------------------------------------------------------------------- >> ancient history -- origination of the CORS security considerations section: >> >> >> Security Considerations for CORS with credentials >> http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0036.html >> >> RE: Security Considerations for CORS with credentials >> http://lists.w3.org/Archives/Public/public-webappsec/2012Jan/0006.html >> >> >> Updated proposal for CORS security considerations >> http://lists.w3.org/Archives/Public/public-webappsec/2012Feb/0021.html >> [+ 4 other messages in thread ] >> >> -------------------------------------------------------------------- > > >
Received on Thursday, 20 December 2012 00:13:01 UTC