On Mon, 28 Jan 2008 03:05:32 +0100, Web Application Formats Working Group
Issue Tracker <[EMAIL PROTECTED]> wrote:
ISSUE-22 (ac4csr-webarch): The AC4CSR spec and "webarch" [Access Control]
http://www.w3.org/2005/06/tracker/waf/issues/
Raised by: Arthur Barstow
On product: Access Control
Tyler Close asserts the AC4CSR spec is "counter to what webarch tries to
encourage" regarding:
[[
Good practice: Identify with URIs
<http://www.w3.org/TR/webarch/#pr-use-uris>
]]
This is not what the issue is about. As far as I can tell this is a
duplicate of the server vs client issue. I think it's a bit of stretch to
say that we're going against the Web architecture. If anything, our
solution tries to impact the Web architecture as little as possible. We're
not requiring people to use a specific technology to do cross-site
requests. We're not trying to impose limits on HTTP by only letting SOAP
go cross-site or something weird like that.
The only quibble here is that Access Control, like robots.txt,
favicon.ico, P3P, style sheets, etc. has a per-resource policy, but unlike
robots.txt, favicon.ico, and P3P does not have a per-origin (scheme,
domain, port) policy. And I strongly believe that we should not go there
now.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
