Hi Dave, I'm glad the WG has recognized the problems raised by ISSUE-22 and is working on a solution. As I explained in the corresponding email threads, these problems are a significant impediment to the application of webarch principles, so a solution is a high priority.
I don't yet completely understand the currently proposed, and changing, solution, so am not yet able to say whether or not the problems have been adequately addressed. As I stated in my initial review of the AC4CSR document, I'm uncomfortable with the significant and growing complexity of the design. I think this functionality could be provided in a simpler and safer way. I'm especially concerned about Jonas Sicking's comment that the specification has now grown so complex that he may be unable to implement it all on his first pass for Firefox 3.0. To me, that indicates the specification's complexity has crossed a significant threshold. I think it's time to take a step back and consider the task anew, or for the first time, since it seems the task has yet to be fully understood and documented. At the very least, I think it's clear the current design is not ready to move forward to deployment. 42 --Tyler ________________________________ From: David Orchard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 1:48 PM To: Close, Tyler J. Cc: WAF WG (public) Subject: Issue 22 closed Tyler, I'm pleased to inform you that the WAF working group believes it has resolved an issue you raised. You raised an issue in [1] that we identified as issue #22 [2]. Subsequently, a proposal was put forward to the Working Group and incorporated into the latest editors draft [3]. In a sentence, it adds the ability for a server to grant access to paths in addition to the existing protocols, names, ports and http method specification capabilities. We hope this satisfies your request, and please let us know if it does not. Cheers, Dave Orchard, on behalf of the Web Application Format WG [1] http://lists.w3.org/Archives/Public/public-appformats/2008Jan/0298.html [2] http://www.w3.org/2005/06/tracker/waf/issues/22 [3] http://dev.w3.org/2006/waf/access-control/
