Hi Thomas, On Jun 9, 2009, at 09:59 , Thomas Roessler wrote:
1. The definitions section seems to introduce "instantiated components" as a first class object that is granted access.
That is correct, I have changed it throughout the spec to talk only of execution scopes.
2. It would be useful for the policy section to explicitly say that network access from the web execution scope is controlled by the HTML5 security policy, not by this specification's security policy.
I've changed it to punt to the used language's security policy.
4. The processing model is gratuitously detailed and complex, and pins down implementation detail. For example, the meaning of a sequence of access elements does not actually depend on the order in which these elements appear;
That was a bug. I've simplified the rest of the model so that it fills about half the space it used to.
Thanks for your comments! -- Robin Berjon - http://berjon.com/ Feel like hiring me? Go to http://robineko.com/
