ISSUE-20: Client and Server model [Access Control] http://www.w3.org/2005/06/tracker/waf/issues/
Raised by: Arthur Barstow On product: Access Control Issues have been raised regarding client (i.e. browser) versus server aspects of the model. For example, would it better and simple for the policy enforcement point to be the server rather than the client, etc. On 20 December 2007, Tyler Close raised this issue via: <http://lists.w3.org/Archives/Public/public-appformats/2007Dec/0054.html> There were several relevant follow-ups, including but limited to: <http://lists.w3.org/Archives/Public/public-appformats/2007Dec/0068.html> <http://lists.w3.org/Archives/Public/public-appformats/2007Dec/0071.html> <http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0000.html> <http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0004.html> <http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0010.html> <http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0018.html> <http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0032.html> Related issues were also raised on 5 November 2007 during WG's f2f meeting that included members of the Web Security Context WG and the XML Security Spec Maintenance WG: <http://www.w3.org/2007/11/05-waf-minutes.html#item09>
