On Tue, 02 Aug 2011 14:37:31 +0200, Arthur Barstow <[email protected]>
wrote:
The From-Origin spec is WebApps'; it is _not_ a joint deliverable with
the proposed WebAppSec WG.
I assumed it was because of "Secure Cross-Domain Framing" and the
significant overlap.
I discussed this with Thomas on IRC (not logged) and he hopes that
doing this work in a new group will open up new resources to get it
moving along (e.g. to get a test suite). I am fairly skeptical, but we
agreed that trying it out for half a year should be okay given the low
activity of this work here in WebApps. If nothing much has changed the
work moves back to WebApps, which should work per charters of both
groups.
Did you guys agree on the "which list will CORS use going forward?"
question?
I was okay with trying out a new list for six months. It seems Maciej is
not. Maciej's concern is exactly the one I had.
I agree it can be a bit painful to subscribe to YA list but I think it
has the advantage of getting some "new eyes" on the spec as well as the
advantages mentioned above.
We'll see (or not, depending on how Maciej's concerns are addressed).
--
Anne van Kesteren
http://annevankesteren.nl/
