On Wed, 06 Feb 2008 23:40:37 +0100, Klotz, Leigh <[EMAIL PROTECTED]>
wrote:
Therefore, we believe that recommendations to XForms user agent authors
are in order. (We note that the fact that XForms cross-site access is
supported by some implementations was discussed at the 2007/11/05 WAF
meeting [1].)
Yes. The idea is that specifications that use the mechanism have a set of
user agent requirements for non same-origin requests.
The Forms WG has directed me to make the following two requests:
Request 1:
The Forms WG requests that the WAF WG include in the next Working Draft
Introduction a mention of XForms submission, to supplement the current
list of XMLHttpRequest, XBL 2.0, and HTML 5. Text for corresponding
sections, if required, can be TBD (see request 2).
For the mentioned specifications we have drafts that actually point out
Access Control as a solution. We don't have that for XForms yet or XSLT
for that matter.
Request 2:
The Forms WG would like to continue to work with a representative from
WAF to develop a joint proposal for taking advantage of access control
in XForms. The goal would be to develop the following:
- text for the access-control WD section on use case and goals for
XForms integration
Why do you think more text for the access-control document is needed?
- best practice for taking advantage of access-control in XForms 1.1
As noted in Requirement 10 of your current WD, it's likely that no
changes to markup XForms markup will be required. However, the XForms
WG or WAF (or both) may choose to issue a note offering guidance to user
agent implementers.
I've been assigned to work with WAF on this issue for the Forms WG.
We ask that WAF nominate a member to work with me to help achieve these
goals.
I'm willing to take a look at what's drafted for the XForms specification
to make sure it uses Access Control correctly. If more is needed maybe Art
can suggest someone.
--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
