review Access Control for Cross-site Requests?

Hey,

I saw you worked on JSONRequest and have done a fair amount of security  
research into Web browsers, etc. Any chance you could review the stuff  
we're planning for XMLHttpRequest Level 2 and other protocols (such as  
server-sent events, XSLT, and XBL 2.0):

   http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
   http://dev.w3.org/2006/waf/access-control/

These documents are still changing and feedback is welcome on  
public-webapi@w3.org for the former and public-appformats@w3.org for the  
latter (in due course these activities will be merged under a single WG if  
all goes well). You can also e-mail me directly if that's more convenient,  
although in that case I'd prefer if you cc'ed a public mailing list, such  
as www-archive@w3.org as I've done here.

Kind regards,


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Saturday, 2 February 2008 10:59:41 UTC