How does the WAF WG want to receive feedback on the use cases and requirements document? Via adhoc emails on this list?
One thing that strikes me immediately is that there are requirements about
XSS (cross-site scripting) but no mention of CSRF, which is one of the
concern areas from the folks at OpenAjax Alliance, primarliy due to the
current specification saying that cookies will be sent.
Jon
"David Orchard"
<[EMAIL PROTECTED]
> To
Sent by: "WAF WG (public)"
public-appformats <[email protected]>
[EMAIL PROTECTED] cc
Subject
01/08/2008 04:04 ISSUE 19: Requirements and Usage
PM Scenarios document
Art suggested that I could do a bit of spec grunt work on requirements
document so I put some pen to paper. I've made a stab at creating a
requirements/usage scenarios document based upon Ian's requirements. I've
checked it into the waf access-control cvs dir, but I don't think I have
permissions to make the files world readable. Hence, I've sent to
www-archive at
http://lists.w3.org/Archives/Public/www-archive/2008Jan/0010.html
The HTML is at
http://lists.w3.org/Archives/Public/www-archive/2008Jan/att-0010/AccessControl-Requirements-20070108.html
I hope this helps the working group and I'm glad to continue or not
continue work on the document as the WG sees fit.
Cheers,
Dave
<<inline: graycol.gif>>
<<inline: pic01641.gif>>
<<inline: ecblank.gif>>
