Request for Comments on Enabling Read Access for Web Resources

TAG Community,

On June 18 the Web Application Formats WG published a new WD of:

   Enabling Read Access for Web Resources

This document defines a mechanism to selectively provide cross-site  
access to a web resource. Using either a HTTP header or an XML  
processing instruction (or both), resources can indicate they allow  
read access from specified hosts (optionally using patterns). When a  
pattern is used, one can also exclude certain hosts. For instance,  
allow read access from all subdomains of (*  
with the exception of  (


The mechanism defined in this specification extends the "default  
browser security sandbox" to allow read access for cross-site  
resources. The extension opens a constrained hole in the browser's  
"default sandbox".

On behalf of the WG, we request comments on this document (preferably  
before August 3) but please send them to:


We are particularly interested in any comments about the mechanism  
defined in this spec being inconsistent with the AWWW.


Art Barstow

Begin forwarded message:

> Resent-From:
> From: "ext Anne van Kesteren" <>
> Date: June 18, 2007 10:53:09 AM EDT
> To: "WAF WG (public)" <>
> Subject: [acccess-control] new draft
> Hi,
> Thanks to the W3C webmasters we were able to get a new public draft  
> out today:
> It includes a lot of the changes debated on this list over the last  
> few months. There are still some minor things that need to be  
> worked out, but we're getting there.
> Cheers,
> -- 
> Anne van Kesteren
> <>
> <>

Received on Friday, 22 June 2007 11:52:45 UTC