W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2016

Re: webappsec-ACTION-216: Examine fetch refs for stability

From: Wendy Seltzer <wseltzer@w3.org>
Date: Thu, 21 Apr 2016 12:42:36 -0400
To: Anne van Kesteren <annevk@annevk.nl>, Frederik Braun <fbraun@mozilla.com>
Cc: Web Application Security Working Group <public-webappsec@w3.org>
Message-ID: <571902FC.1040204@w3.org>
On 04/21/2016 02:42 AM, Anne van Kesteren wrote:
> On Wed, Apr 20, 2016 at 9:05 PM, Frederik Braun <fbraun@mozilla.com> wrote:
>> https://www.w3.org/2013/09/normative-references
> Given that most documents W3C once published as "stable" have been
> proven not to be (e.g., CSS1, CSS2, HTML4, HTML5, XHTML, XML,
> Namespaces in XML, SVG) that is a rather curious document and out of
> touch with the reality of developing standards, even those developed
> inside the W3C.
> Seems far more likely Fetch is a problem because The Director
> disagrees with the same-origin policy, even though that's been
> enshrined in the Netscape days and is unlikely to ever change at its
> core.

We've disaggregated the two concerns:

1) The Director has some use cases that aren't necessarily well served.
He's working to explain those more fully so that we can see how it's
possible to accommodate them without breaking the same-origin policy.
(I'm not proposing to change that policy.)

2) All W3C Recs needs to follow the normative reference policy,
including assuring the stability of their references. I've taken an
action to look more closely at the precise nature of the references
WebAppSec specs make to Fetch, to make the case for their stability,
even within an overall living document.


Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Thursday, 21 April 2016 15:42:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:55 UTC