> As for the "should CORS exist" discussion, I'll bow out of those until > we're starting to move towards officially adopting a WG decision one > way or another, or genuinely new information is provided which would > affect such a decision (for the record, I don't think I've seen any > new information provided since last fall's TPAC).
exactly -- I don't see this thread getting anywhere. cheers devdatta On 12 May 2010 13:13, Jonas Sicking <[email protected]> wrote: > On Wed, May 12, 2010 at 12:38 PM, Devdatta <[email protected]> wrote: >> While most of the discussion in this thread is just repeats of >> previous discussions, I think Tyler makes a good (and new) point in >> that the current CORS draft still has no mention of the possible >> security problems that Tyler talks about. The current draft's security >> section >> >> http://dev.w3.org/2006/waf/access-control/#security >> >> is ridiculous considering the amount of discussion that has taken >> place on this issue on this mailing list. >> >> Before going to rec, I believe Anne needs to substantially improve >> this section - based on stuff from maybe Maciej's presentation - which >> I found really informative. He could also cite UMP as a possible >> option for those worried about security. > > I agree that the security section in CORS needs to be improved. > > As for the "should CORS exist" discussion, I'll bow out of those until > we're starting to move towards officially adopting a WG decision one > way or another, or genuinely new information is provided which would > affect such a decision (for the record, I don't think I've seen any > new information provided since last fall's TPAC). > > / Jonas >
