Hi all,
The WAF WG published a new snapshot of the editor's draft of Access
Control for Cross-site Requests yesterday in the W3C Technical Report
space. It includes recent HTTP header name changes and incorporates a new
proposal for limiting the amount of requests in case of non-GET methods to
various different URIs which share the same origin.
In addition to those technical changes it also makes the (until now)
implicit requirements and use cases explicit by listing them in an
appendix and contains a short FAQ on design decisions.
http://www.w3.org/TR/2008/WD-access-control-20080214/
We expect the next draft to go to Last Call so hereby we're soliciting
input, once again, from the Forms WG, HTML WG, HTTP WG, TAG, Web API WG,
and Web Security Context WG. (All on the "bcc list" so we don't get
massive cross-list e-mailing.)
We appreciate input from anyone however, so feel free to forward or reply
to this e-mail as you see fit.
Kind regards,
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
