RE: P3P - Feedback on Access Control

[Close, Tyler J.]

Mark Nottingham wrote:
> * per-resource OPTIONS requests are too chatty, don't scale to large
> numbers of resources, eventually causing developers to come up with
> workarounds such as boxcarring messages

I think Mark raises an important point here. Anne's response that the 
authorization request can be cached does not mitigate this performance problem, 
since the application may only issue a single request to a series of distinct 
resources. Consequently, this performance issue discourages application of the 
webarch principle which encourages use of distinct URIs for distinct resources. 
The WG's current proposal adds a network round-trip for each distinct URI in a 
web application.

For tracker, I think this point should be discussed when considering ISSUE-20:

http://www.w3.org/2005/06/tracker/waf/issues/20

--Tyler