- From: Williams, Stuart (HP Labs, Bristol) <skw@hp.com>
- Date: Fri, 6 Jul 2007 15:16:19 +0100
- To: "Arthur Barstow" <art.barstow@nokia.com>, "Phil Archer" <parcher@icra.org>
- Cc: <www-tag@w3.org>
Art, Phil, In response to a request from the WAF-WG [1] to review "Enabling Read Access to Web Resources" [2] the TAG is concerned to ensure that there is good alignment between your WGs wrt the specification of resource sets. We observe that [2] involves the specification of 'allow' and 'deny' sets of resources (which in this case happen to be the origins of scripted behaviours executed by user agents). There is some resonance between [2] and POWDER work on grouping resource sets by address. We believe that there is or should be some common interest in the specification of such resource sets between your WGs. Given that web masters are the likely authors of configuration information for both script access controls (as in [2]) and for content-labeling (a POWDER application) and that both involve making assertions about sets of resources (allow/deny assertions v assertions about the nature of web content) we believe that there should be at least some conceptual coherence and ideally some syntactic coherence in the way that both POWDER and WAF-WG approach the description of sets of resource that are the subject of such assertions. For example, consider the scenario in which the author of a resource identified by http://www.sales.example.com/strategy.html wishes to allow cross-domain access from any resource identified by an example.com URI. Per [2], this set is specified with a pair of 'access items' as: http://*.example.com https://*.example.com Whereas using the 'PERL regexp' based approach being considered by POWDER (option 5 at [3]), the same set is specified as: ^https?://[^:/?#]+\.)*example\.com/ We think having two similar-but-different mechanisms to achieve the same goal should be avoided if at all possible. We would be interested to hear from you whether you think there is any possibility of seeking considerably more alignment between the work of your two groups, so that where their requirements overlap there is at least cross-reference, and at best sharing of terminology, operational semantics and perhaps even syntax. Best regards Stuart Williams for W3C TAG -- [1] http://lists.w3.org/Archives/Public/www-tag/2007Jun/0114.html [2] http://www.w3.org/TR/2007/WD-access-control-20070618/ [3] http://www.w3.org/blog/powder/2007/04/27/meeting_summary_26_27_april_200 7 -- Hewlett-Packard Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN Registered No: 690597 England
Received on Friday, 6 July 2007 14:18:09 UTC