FYI, I'll be giving a lightning talk about the access-control work later today, at hack.lu.
Slides: http://www.w3.org/2007/Talks/1020-hacklu-tlr.pdf Incidentally, this has finally prodded me to review the recently added material. I'm having some qualms about the way we're handling non-GET methods, and will be sending comments later. In a nutshell, we're currently mixing client-side evaluation of policies with service-side evaluation of policies; I would suggest we settle for either. Regards, -- Thomas Roessler, W3C <[EMAIL PROTECTED]>
