Ok, I've finished merging them and have posted an updated version:

http://www.ietf.org/id/draft-ietf-websec-origin-01.txt

Many apologies for the delay.  I believe I've addressed all the
feedback I've received thus far.  I tried to reposition the scope to
be more appropriate for a broader audience.  I suspect I'll need to do
another round of scope adjustment.  If you still see problematic
areas, please let me know.

Some noteworthy changes:

1) The "principles" document has been integrated as a section.  That
triggered some refactoring of the text and the removal of some
now-redundant text.

2) I've removed the explicit requirements regarding redirects and the
HTTP Origin header.  As far as I know, no one actually implemented
that part.  It's still allowed by the semantics and the grammar, just
not required.  The behavior can easily be added by HTTP or CORS, if
desired.

Some things that still need doing:

1) I still need to write the privacy and security considerations
section.  This is about another day of work, which I'll hopefully be
able to fit in this week.

2) Many of the informative references are just "stubs".  I need to
fill them in with actual citations.  I should be able to get that done
at the same time as I address (1).

3) I need to add the IANA boilerplate.

Thanks,
Adam


On Tue, Jun 21, 2011 at 9:42 AM, Tobias Gondrom
<[email protected]> wrote:
> Sorry, I forgot to clarify in my previous email:
> my comment was my opinion as individual. <hat type='individual'/> ;-)
> (not as WG chair)
>
>
> On 21/06/11 17:38, Peter Saint-Andre wrote:
>>
>> <hat type='individual'/>
>>
>> Agreed. Plus, at some point in the future, people will look for "that
>> RFC about same origin" and it would be confusing for them to find two
>> instead of one. Best to put it all in one place, I think.
>>
>> On 6/21/11 10:17 AM, Tobias Gondrom wrote:
>>>
>>> Hi Adam,
>>>
>>> FWIW my opinion is in favour of merging the two.
>>> Reasons:
>>> 1. principles is rather short and gives a good context and introduction
>>> to origin, so it seems appropriate to merge them both together.
>>> 2. if I would consider origin referencing principles, there might be a
>>> larger number of references, which again I would take as a sign that
>>> merging them might be the right thing to do.
>>> 3. I tend to disagree with Jeff's argument that future references of
>>> "principles" would be a good reason to keep both drafts separate. I
>>> believe in this case future work can equally reference from the origin
>>> draft.
>>>
>>> Kind regards and looking forward to reading the new version.
>>>
>>> Tobias
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
