Stuart - FYI, Anne added text to the latest Editor's Draft of the
Enabling Read Access for Web Resources to address comments you
submitted on 29 August. This Draft is available at:
<http://dev.w3.org/2006/waf/access-control/>
Regards, AB
Begin forwarded message:
Resent-From: [email protected]
From: "ext Anne van Kesteren" <[EMAIL PROTECTED]>
Date: September 20, 2007 9:40:08 AM EDT
To: "WAF WG (public)" <[email protected]>
Subject: Re: ISSUE-16 (ArtB): AC: Add some rationale to the
Introduction [Access Control]
On Tue, 04 Sep 2007 15:39:24 +0200, Web Application Formats Working
Group Issue Tracker <[EMAIL PROTECTED]> wrote:
ISSUE-16 (ArtB): AC: Add some rationale to the Introduction
[Access Control]
http://www.w3.org/2005/06/tracker/waf/issues/
Raised by: Arthur Barstow
On product: Access Control
Raised by: TAG (via Stuart Williams)
See: http://lists.w3.org/Archives/Public/public-appformats/2007Aug/0025.html
I've added some rationale to the introduction. But I haven't yet
indicated how an implementation could potentially become less
secure. I suppose we could point out that naive implementations
(and specifications defining how to interact with this spec) will
do all kinds of information leakage such as port scanning because
progress events are dispatched etc. and that people should be
cautious with that. Hmm.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>