Julian asked:
> I believe that having two documents make sense; what's the benefit of
> merging?
Yes, I have the same question now (after belatedly reviewing the document in
more detail). I'm thinking Principles of the Same-Origin Policy (PSOP) ought
to be a separate doc, because it'll get referenced down the road specifically
for this principle stuff, possibly by a wider range of docs than would
reference the Origin header spec (which concerns a particular concrete facet of
web platform machinery).
I also think (on an admittedly quick re-skim) John Kemp's so-called "scope"
comments are overall apropos -- I have many of the same thoughts..
Re: [websec] Principles of the Same-Origin Policy
http://www.ietf.org/mail-archive/web/websec/current/msg00257.html
You (Adam B) are writing from the perspective of one steeped in browser and web
application internals, and seemingly for a similar audience it seems. However,
I suspect this doc would likely get read by a wider audience, including those
who are trying to learn (or write) about how this complex "web platform" beast
works.
HTH,
=JeffH
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
