<hat type='individual'/> Agreed. Plus, at some point in the future, people will look for "that RFC about same origin" and it would be confusing for them to find two instead of one. Best to put it all in one place, I think.
On 6/21/11 10:17 AM, Tobias Gondrom wrote: > Hi Adam, > > FWIW my opinion is in favour of merging the two. > Reasons: > 1. principles is rather short and gives a good context and introduction > to origin, so it seems appropriate to merge them both together. > 2. if I would consider origin referencing principles, there might be a > larger number of references, which again I would take as a sign that > merging them might be the right thing to do. > 3. I tend to disagree with Jeff's argument that future references of > "principles" would be a good reason to keep both drafts separate. I > believe in this case future work can equally reference from the origin > draft. > > Kind regards and looking forward to reading the new version. > > Tobias > > > > On 16/06/11 04:59, Adam Barth wrote: >> I was hoping other folks would weigh into the thread. In the interest >> of moving forward, I'm going to combine them into one document but try >> to structure the document so that folks who aren't interested in the >> nuts and bolts can still get the high-level picture. Most of the >> folks who want to refer to the Principles document probably also want >> to refer to the Nuts-and-Bolts doc, so having them together makes that >> easier. >> >> The main tricky thing I'm working on at the moment is the scope / >> perspective issue. Once I get that hammered out (either tonight or >> tomorrow), I'll upload a new draft. >> >> Thanks, >> Adam >> >> >> On Mon, Jun 13, 2011 at 1:41 PM, >> =JeffH<jeff.hod...@kingsmountain.com> wrote: >>> Julian asked: >>> >>>> I believe that having two documents make sense; what's the benefit of >>>> merging? >>> Yes, I have the same question now (after belatedly reviewing the >>> document in >>> more detail). I'm thinking Principles of the Same-Origin Policy >>> (PSOP) ought >>> to be a separate doc, because it'll get referenced down the road >>> specifically >>> for this principle stuff, possibly by a wider range of docs than would >>> reference the Origin header spec (which concerns a particular >>> concrete facet >>> of web platform machinery). >>> >>> I also think (on an admittedly quick re-skim) John Kemp's so-called >>> "scope" >>> comments are overall apropos -- I have many of the same thoughts.. >>> >>> Re: [websec] Principles of the Same-Origin Policy >>> http://www.ietf.org/mail-archive/web/websec/current/msg00257.html >>> >>> You (Adam B) are writing from the perspective of one steeped in >>> browser and >>> web application internals, and seemingly for a similar audience it >>> seems. >>> However, I suspect this doc would likely get read by a wider audience, >>> including those who are trying to learn (or write) about how this >>> complex >>> "web platform" beast works. >>> >>> HTH, >>> >>> =JeffH >>>
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
