Re: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]
Sunava Dutta wrote: Woo hooo, my first mail to the new webapps alias! -:) Thanks for waiting for us to get feedback in from people across MSFT. As promised, here is the whitepaper on client side cross domain security articulating the security principles and challenges (high level and specifics ) of the current CS-XHR draft. I've also addressed the questions members raised in the FAQ. Thanks Sunava, I look forward to reading this once it is available in an acceptable license. However, I would further hope that you are able to discuss the feedback that are sure to be raised? As with your initial feedback, much of the results of these discussions will also require research and so it is good if we can get as much done before the face to face as possible. As Jonas and Art mention, in order to provide the opportunity for members to research and usefully discuss the contents and other issues, lets talk about our concerns among other items F2F in the first week of July. Yes, though I do want to point out that there are many other issues too to discuss at the F2F other than microsofts feedback. Speaking of which, do we have an agenda yet for the F2F meeting? Look forward to hosting the members here in Redmond. Looking forward to seeing you there! Best Regards, Jonas Sicking
RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]
Woo hooo, my first mail to the new webapps alias! -:) Thanks for waiting for us to get feedback in from people across MSFT. As promised, here is the whitepaper on client side cross domain security articulating the security principles and challenges (high level and specifics ) of the current CS-XHR draft. I've also addressed the questions members raised in the FAQ. As Jonas and Art mention, in order to provide the opportunity for members to research and usefully discuss the contents and other issues, lets talk about our concerns among other items F2F in the first week of July. https://mail.windows.microsoft.com/OWA/redir.aspx?C=7165bcd1f09048ac9fdcd34d2f9556b1URL=http%3a%2f%2fcode.msdn.microsoft.com%2fxdsecuritywp%2fRelease%2fProjectReleases.aspx%3fReleaseId%3d1157 Look forward to hosting the members here in Redmond. From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Sunava Dutta [EMAIL PROTECTED] Sent: Friday, June 06, 2008 2:54 PM To: Arthur Barstow; ext Jonas Sicking; Marc Silbey Cc: [EMAIL PROTECTED]; public-webapi@w3.org WG (public); [EMAIL PROTECTED]; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu Subject: RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests] Art, Jonas, Just a quick update. We've put a lot of effort into the paper and the good news is we're nearly done. It's going through a final peer-review to make sure we've received feedback from experts in the company including our security gurus. (Yes, they do exist at MSFT -:)) I'll be sending out the paper on Tuesday evening or Wednesday the latest. Thanks for waiting. -Original Message- From: Arthur Barstow [mailto:[EMAIL PROTECTED] Sent: Friday, May 16, 2008 5:06 AM To: ext Jonas Sicking; Sunava Dutta Cc: [EMAIL PROTECTED]; public-webapi@w3.org WG (public); public- [EMAIL PROTECTED]; IE8 Core AJAX SWAT Team; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu Subject: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests] Sunava - I tend to agree with Jonas re the timing of MS' response/ feedback. Given the f2f meeting is now about six weeks away, can you commit to and deliver on an earlier deadline, no later than June 6? -Regards, Art Barstow On May 15, 2008, at 10:39 PM, ext Jonas Sicking wrote: Sunava Dutta wrote: This message is not attempting to set forth in detail all the objections we have had; Sunava will deliver that in a concise form. Can you give us a ballpark ETA on this? [Sunava Dutta] Sure, I'm compiling this as we speak. I expect this to be ready and available to the Web API by mid June in the latest. Wow, this is really bad news that we won't get this feedback until just two weeks before the face to face meeting. Especially given the numerous delays in getting this feedback in the past I am very worried that there will be further delays. Are you absolutely certain that won't happen again? Even just having two weeks in order to discuss this feedback prior to the meeting seems like very short on time. I would really encourage you to consider providing this feedback more promptly. I do not wish to attend a face to face meeting solely to discuss new feedback which we have not had the opportunity to research and cannot usefully discuss. I also hope to cover much more than microsofts feedback during the meeting.
RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]
Try this link instead: http://code.msdn.microsoft.com/xdsecuritywp From: Sunava Dutta Sent: Wednesday, June 11, 2008 8:24 PM To: Sunava Dutta; Arthur Barstow; ext Jonas Sicking; Marc Silbey; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; public-webapi@w3.org WG (public); [EMAIL PROTECTED]; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu Subject: RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests] Woo hooo, my first mail to the new webapps alias! -:) Thanks for waiting for us to get feedback in from people across MSFT. As promised, here is the whitepaper on client side cross domain security articulating the security principles and challenges (high level and specifics ) of the current CS-XHR draft. I've also addressed the questions members raised in the FAQ. As Jonas and Art mention, in order to provide the opportunity for members to research and usefully discuss the contents and other issues, lets talk about our concerns among other items F2F in the first week of July. https://mail.windows.microsoft.com/OWA/redir.aspx?C=7165bcd1f09048ac9fdcd34d2f9556b1URL=http%3a%2f%2fcode.msdn.microsoft.com%2fxdsecuritywp%2fRelease%2fProjectReleases.aspx%3fReleaseId%3d1157 Look forward to hosting the members here in Redmond. From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Sunava Dutta [EMAIL PROTECTED] Sent: Friday, June 06, 2008 2:54 PM To: Arthur Barstow; ext Jonas Sicking; Marc Silbey Cc: [EMAIL PROTECTED]; public-webapi@w3.org WG (public); [EMAIL PROTECTED]; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu Subject: RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests] Art, Jonas, Just a quick update. We've put a lot of effort into the paper and the good news is we're nearly done. It's going through a final peer-review to make sure we've received feedback from experts in the company including our security gurus. (Yes, they do exist at MSFT -:)) I'll be sending out the paper on Tuesday evening or Wednesday the latest. Thanks for waiting. -Original Message- From: Arthur Barstow [mailto:[EMAIL PROTECTED] Sent: Friday, May 16, 2008 5:06 AM To: ext Jonas Sicking; Sunava Dutta Cc: [EMAIL PROTECTED]; public-webapi@w3.org WG (public); public- [EMAIL PROTECTED]; IE8 Core AJAX SWAT Team; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu Subject: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests] Sunava - I tend to agree with Jonas re the timing of MS' response/ feedback. Given the f2f meeting is now about six weeks away, can you commit to and deliver on an earlier deadline, no later than June 6? -Regards, Art Barstow On May 15, 2008, at 10:39 PM, ext Jonas Sicking wrote: Sunava Dutta wrote: This message is not attempting to set forth in detail all the objections we have had; Sunava will deliver that in a concise form. Can you give us a ballpark ETA on this? [Sunava Dutta] Sure, I'm compiling this as we speak. I expect this to be ready and available to the Web API by mid June in the latest. Wow, this is really bad news that we won't get this feedback until just two weeks before the face to face meeting. Especially given the numerous delays in getting this feedback in the past I am very worried that there will be further delays. Are you absolutely certain that won't happen again? Even just having two weeks in order to discuss this feedback prior to the meeting seems like very short on time. I would really encourage you to consider providing this feedback more promptly. I do not wish to attend a face to face meeting solely to discuss new feedback which we have not had the opportunity to research and cannot usefully discuss. I also hope to cover much more than microsofts feedback during the meeting.
RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]
On Wed, 11 Jun 2008, Sunava Dutta wrote: Try this link instead: http://code.msdn.microsoft.com/xdsecuritywp Could you forward the paper to the list? (Preferably as plain text, though HTML or PDF would do in a pinch.) It's not clear to me whether the paper on that site is actually covered by the license on that page, and I don't really want to run the risk of committing Google to a license by accident without speaking to our lawyers first, and that seems like a bit of an extreme to go to just to see your feedback. :-) -- Ian Hickson U+1047E)\._.,--,'``.fL http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
RE: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests]
Art, Jonas, Just a quick update. We've put a lot of effort into the paper and the good news is we're nearly done. It's going through a final peer-review to make sure we've received feedback from experts in the company including our security gurus. (Yes, they do exist at MSFT -:)) I'll be sending out the paper on Tuesday evening or Wednesday the latest. Thanks for waiting. -Original Message- From: Arthur Barstow [mailto:[EMAIL PROTECTED] Sent: Friday, May 16, 2008 5:06 AM To: ext Jonas Sicking; Sunava Dutta Cc: [EMAIL PROTECTED]; public-webapi@w3.org WG (public); public- [EMAIL PROTECTED]; IE8 Core AJAX SWAT Team; Eric Lawrence; Chris Wilson; David Ross; Mark Shlimovich (SWI); Doug Stamper; Zhenbin Xu Subject: Seeking earlier feedback from MS [Was: IE Team's Proposal for Cross Site Requests] Sunava - I tend to agree with Jonas re the timing of MS' response/ feedback. Given the f2f meeting is now about six weeks away, can you commit to and deliver on an earlier deadline, no later than June 6? -Regards, Art Barstow On May 15, 2008, at 10:39 PM, ext Jonas Sicking wrote: Sunava Dutta wrote: This message is not attempting to set forth in detail all the objections we have had; Sunava will deliver that in a concise form. Can you give us a ballpark ETA on this? [Sunava Dutta] Sure, I'm compiling this as we speak. I expect this to be ready and available to the Web API by mid June in the latest. Wow, this is really bad news that we won't get this feedback until just two weeks before the face to face meeting. Especially given the numerous delays in getting this feedback in the past I am very worried that there will be further delays. Are you absolutely certain that won't happen again? Even just having two weeks in order to discuss this feedback prior to the meeting seems like very short on time. I would really encourage you to consider providing this feedback more promptly. I do not wish to attend a face to face meeting solely to discuss new feedback which we have not had the opportunity to research and cannot usefully discuss. I also hope to cover much more than microsofts feedback during the meeting.