Jonas, thanks for this input. FYI, Anne included it in the Requirements appendix of his latest Editor's Draft:
<http://dev.w3.org/2006/waf/access-control/#requirements> Regards, Art Barstow On Jan 17, 2008, at 4:27 AM, ext Jonas Sicking wrote:
Hi again,Just wanted to summarize some attack vectors that we want to make sure that we fend off:The general rule of thumb is "Don't introduce new attack vectors". All below points are derived from that general rule.
