On May 12, 2010, at 2:42 PM, ext Jonas Sicking wrote:
If so, I'd really like to see the chairs move forward with making the
WG make some sort of formal decision on weather CORS should be
published or not. Repeating the same discussion over and over is not
good use your time or mine.
There is sufficient interest in CORS such that we should continue to
work on it. As such, I don't think any type of "formal decision" re
publication is needed.
Although this and other recent and related threads have indeed re-
hashed some previous discussions, among some of the suggestions made
are:
* CORS' security considerations section needs improvements
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0625.html
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0630.html
* Need security analysis e.g. with multi-party deployments; "test the
security properties of CORS" (e.g. versus UMP)
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0645.html
* Need usage informatin for the app developer and server admin; when
is CORS safe to use; which is easier to use; guidelines for not
"falling prey to attacks with CORS"
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0543.html
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0646.html
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0648.html
* CORS needs text about Confused Deputy
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0612.html
http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
0648.html
Is anyone willing to contribute to the above?
-Art Barstow
