I was hoping other folks would weigh into the thread. In the interest of moving forward, I'm going to combine them into one document but try to structure the document so that folks who aren't interested in the nuts and bolts can still get the high-level picture. Most of the folks who want to refer to the Principles document probably also want to refer to the Nuts-and-Bolts doc, so having them together makes that easier.
The main tricky thing I'm working on at the moment is the scope / perspective issue. Once I get that hammered out (either tonight or tomorrow), I'll upload a new draft. Thanks, Adam On Mon, Jun 13, 2011 at 1:41 PM, =JeffH <[email protected]> wrote: > Julian asked: > >> I believe that having two documents make sense; what's the benefit of >> merging? > > Yes, I have the same question now (after belatedly reviewing the document in > more detail). I'm thinking Principles of the Same-Origin Policy (PSOP) ought > to be a separate doc, because it'll get referenced down the road > specifically > for this principle stuff, possibly by a wider range of docs than would > reference the Origin header spec (which concerns a particular concrete facet > of web platform machinery). > > I also think (on an admittedly quick re-skim) John Kemp's so-called "scope" > comments are overall apropos -- I have many of the same thoughts.. > > Re: [websec] Principles of the Same-Origin Policy > http://www.ietf.org/mail-archive/web/websec/current/msg00257.html > > You (Adam B) are writing from the perspective of one steeped in browser and > web application internals, and seemingly for a similar audience it seems. > However, I suspect this doc would likely get read by a wider audience, > including those who are trying to learn (or write) about how this complex > "web platform" beast works. > > HTH, > > =JeffH > > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec > _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
