Klotz, Leigh wrote:
Anne,
We discussed this issue today at the Forms WG F2F meeting, and decided that we
would abstain from any comment on the access-control protocol per se; however,
we remain interested in enabling the implementation of access-control in XForms
user agents.
While it appears that it would be possible to express the current WD protocol operations (resource GET, header tests, etc.) directly as XForms markup, it would seem to be pointless, as the its raison d'ĂȘtre is user agent enforcement, not optional compliance by authored markup.
Yes, I think it would in fact only be confusing if XForms markup was
used to "implement" the spec as it might only lead to a false sense of
security.
Therefore, we believe that recommendations to XForms user agent authors are in
order. (We note that the fact that XForms cross-site access is supported by
some implementations was discussed at the 2007/11/05 WAF meeting [1].)
Absolutely. It should be fairly easy to integrate the access-control
implementation in firefox into the firefox XForms extension.
As noted in Requirement 10 of your current WD, it's likely that no changes to markup XForms markup will be required. However, the XForms WG or WAF (or both) may choose to issue a note offering guidance to user agent implementers.
Yup, that was the exact intent. The XForms markup should simply be able
to point to a different server as target uri.
Best Regards,
Jonas Sicking
