On Nov 9, 2009, at 20:22 , SULLIVAN, BRYAN L (ATTCINW) wrote: > (1) we need to be specific about which API's / resource types are affected by > inclusion (or exclusion) of domains in <access> (and keep this equivalent to > HTML5)
We're very specific: it's a blanket exclusion. Now I can be sensitive to an argument indicating that the default is defined by the security policy of the host language, in which case we need to also clarify which default to pick when there are several (HTML for instance has different origin rules for file:// and http://). My primary objection is that it's pretty late to have this discussion, the restriction has been there for months. -- Robin Berjon - http://berjon.com/
