On 13.05.2011 07:44, Tobias Gondrom wrote:
...
During the meeting there was also the suggestion to merge both documents
(origin and principles-of-origin) with no objections raised. If you want
to raise objections against that merge please do so now, so that Adam
can proceed with the next revision of the document.
...
I believe that having two documents makes sense; what's the benefit of
merging?
That being said, a few comments on draft-abarth-principles-of-origin-00:
Terminology: replace "URL" by "URI" throughout. Replace "MIME type" by
"media type" throughout. Add proper references.
...
A: Although the DNS has hierarchical delegation, the trust
relationships between host names vary by deployment. For example, at
many educational institutions, students can host content at
https://example.edu/~student/, but that does not mean a document
authored by a student should be part of the same origin (i.e.,
represent the same principal) as a web application for managing
grades hosted at https://grades.example.edu/.
Comment: Maybe point out that under this arrangement, the URIs for
different students *will* be in the same origin?
...
4. Authority
It's a bit unfortunate that "authority" is used by RFC 3986 (URI) for
something slightly different. If we don't want to change the term (which
I assume) then it might be a good idea to clarify that this is not the
same thing as the "authority" component of a URI as defined in
<http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.3.2>.
Best regards, Julian
_______________________________________________
websec mailing list
https://www.ietf.org/mailman/listinfo/websec
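
Added example, not part of the message above or of the draft: it illustrates the two comments, that per-student URIs under one host fall into the same origin, and that the RFC 3986 "authority" component is a different thing from an origin. It assumes an origin is the (scheme, host, port) triple and handles only http and https; all function names and sample URIs are constructed for illustration.

```javascript
// Illustrative sketch; parseUri, splitAuthority, originOf, sameOrigin are hypothetical names.
// Generic URI regex from RFC 3986, Appendix B.
const URI_RE = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;
const DEFAULT_PORTS = new Map([["http", 80], ["https", 443]]);

// Split a URI into scheme, raw authority component (RFC 3986, section 3.2) and path.
function parseUri(uri) {
  const m = URI_RE.exec(uri);
  const scheme = (m[2] || "").toLowerCase();
  const authority = m[4] === undefined ? null : m[4];
  return { scheme, authority, path: m[5] };
}

// authority = [ userinfo "@" ] host [ ":" port ]
function splitAuthority(authority) {
  const at = authority.lastIndexOf("@");
  const userinfo = at === -1 ? null : authority.slice(0, at);
  const hostport = at === -1 ? authority : authority.slice(at + 1);
  const m = /^(\[[^\]]*\]|[^:]*)(?::(\d*))?$/.exec(hostport);
  if (!m) throw new Error("malformed authority: " + authority);
  return { userinfo, host: m[1].toLowerCase(), port: m[2] ? Number(m[2]) : null };
}

// Origin as "scheme://host:port": userinfo and path play no part,
// and a missing port is replaced by the scheme's default.
function originOf(uri) {
  const { scheme, authority } = parseUri(uri);
  if (authority === null || !DEFAULT_PORTS.has(scheme)) return null;
  const { host, port } = splitAuthority(authority);
  if (!host) return null;
  return `${scheme}://${host}:${port === null ? DEFAULT_PORTS.get(scheme) : port}`;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  return oa !== null && oa === originOf(b);
}

// Constructed sample URIs (alice and bob are made-up student names).
const alice = "https://example.edu/~alice/";
const bob = "https://example.edu/~bob/";
const grades = "https://grades.example.edu/";
console.log(sameOrigin(alice, bob));    // two students, one origin
console.log(sameOrigin(alice, grades)); // different host, different origin
const withUser = "https://user@EXAMPLE.edu:443/x";
console.log(parseUri(withUser).authority, "vs", originOf(withUser));
```

The last line prints the URI authority component next to the origin for the same URI: the former keeps userinfo and the port as written, the latter drops userinfo and normalizes host case and port.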