I think it makes sense for specifications that use the access control
mechanism to carefully define what the "request URL" is. It's not clear to
me that it be done in a generic way within the access control
specification itself. Suggestions welcome. Latest version of the draft:
http://dev.w3.org/cvsweb/~checkout~/2006/waf/access-control/Overview.html?content-type=text/html;%20charset=utf-8
(The "request URL" is the location of the object from which the request to
the resource, to which the access control read policy applies, originates.)
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
