Sorry, I forgot to clarify in my previous email:
my comment was my opinion as individual. <hat type='individual'/> ;-)
(not as WG chair)
On 21/06/11 17:38, Peter Saint-Andre wrote:
<hat type='individual'/>
Agreed. Plus, at some point in the future, people will look for "that
RFC about same origin" and it would be confusing for them to find two
instead of one. Best to put it all in one place, I think.
On 6/21/11 10:17 AM, Tobias Gondrom wrote:
Hi Adam,
FWIW my opinion is in favour of merging the two.
Reasons:
1. principles is rather short and gives a good context and introduction
to origin, so it seems appropriate to merge them both together.
2. if I would consider origin referencing principles, there might be a
larger number of references, which again I would take as a sign that
merging them might be the right thing to do.
3. I tend to disagree with Jeff's argument that future references of
"principles" would be a good reason to keep both drafts separate. I
believe in this case future work can equally reference from the origin
draft.
Kind regards and looking forward to reading the new version.
Tobias
On 16/06/11 04:59, Adam Barth wrote:
I was hoping other folks would weigh into the thread. In the interest
of moving forward, I'm going to combine them into one document but try
to structure the document so that folks who aren't interested in the
nuts and bolts can still get the high-level picture. Most of the
folks who want to refer to the Principles document probably also want
to refer to the Nuts-and-Bolts doc, so having them together makes that
easier.
The main tricky thing I'm working on at the moment is the scope /
perspective issue. Once I get that hammered out (either tonight or
tomorrow), I'll upload a new draft.
Thanks,
Adam
On Mon, Jun 13, 2011 at 1:41 PM,
=JeffH<jeff.hod...@kingsmountain.com> wrote:
Julian asked:
I believe that having two documents make sense; what's the benefit of
merging?
Yes, I have the same question now (after belatedly reviewing the
document in
more detail). I'm thinking Principles of the Same-Origin Policy
(PSOP) ought
to be a separate doc, because it'll get referenced down the road
specifically
for this principle stuff, possibly by a wider range of docs than would
reference the Origin header spec (which concerns a particular
concrete facet
of web platform machinery).
I also think (on an admittedly quick re-skim) John Kemp's so-called
"scope"
comments are overall apropos -- I have many of the same thoughts..
Re: [websec] Principles of the Same-Origin Policy
http://www.ietf.org/mail-archive/web/websec/current/msg00257.html
You (Adam B) are writing from the perspective of one steeped in
browser and
web application internals, and seemingly for a similar audience it
seems.
However, I suspect this doc would likely get read by a wider audience,
including those who are trying to learn (or write) about how this
complex
"web platform" beast works.
HTH,
=JeffH
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec
