Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was: hey hey) from =JeffH on 2012-06-05 (public-webappsec@w3.org from June 2012)

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Tue, 05 Jun 2012 16:08:44 -0700
To: W3C Web App Security WG <public-webappsec@w3.org>
Message-ID: <4FCE917C.7030505@KingsMountain.com>

hi,

Brad's incorporation of my comments into CORS sec considerations is largely 
fine by me. I've attached a further-redlined version (both .docx and .pdf) of 
the redlined .pdf he had sent to the list with some modest mods.

This sec cons section is large and multi-faceted and so I strongly suggest 
dividing it up into subsections. I've added some suggested subsection titles. 
Brad and my comments also encompass altering the numbering on the bulleted 
items which will help them be more referencable. however it's done is fine by 
me, but as it is it's difficult to reference the numbered items.

Also, my comments from 01 May encompassed more than just the sec cons section 
and humbly suggest that they be considered (I think they'll help the spec be 
understandable by a wider swath of readers).

hope this helps,

=JeffH

Attachments

application/vnd.openxmlformats-officedocument.wordprocessingml.document attachment: HillHodges--CORS_SecCons_Redline--2012-06-05.docx
application/pdf attachment: HillHodges--CORS_SecCons_Redline--2012-06-05.pdf

Received on Tuesday, 5 June 2012 23:09:11 UTC