Frederick Hirsch wrote:
I have some questions and suggestions regarding Working Draft 1
"Enabling Read Access for Web Resources" [1], as follows:
Questions
1. Should it be possible to use an HTTP HEAD method to obtain HTTP
access control headers without needing to obtain the entire
representation. This might be more efficient in some cases. This could
address a potential security risk associated with retrieving an entire
resource when its use may not be allowed.
The problem is that the resource might contain <?access-control?> PIs
which deny access to the resource. The implementation won't be able to
check these without retrieving the entire resource of course.
2. Has the WG considered having the server process XML document access
control PI directives and then providing that information as HTTP
headers, avoiding the need for client processing of the XML document?
Could this be a simplification for clients and allow use of HTTP HEAD
consistently?
This would require server support thus making adoption significantly
harder. As things are now you can simply put a XML file on any existing
server and it things will just work.
3. Why is use of an XML Processor required to process the Processing
Instructions in the prolog? Couldn't simple text processing also be used?
It would have to process the data according to the XML specification.
Wouldn't that make it an XML processor?
/ Jonas
