In my experience, it's possible to make editorial changes without significant 
hiccup as long as it is clear there is no objection -- and adding a 
non-controversial term definition would seem to be editorial.



However, I'm really baffled by "Two URIs are the same-origin if their origins 
are the same."

      NOTE: A URI is not necessarily same-origin with itself.  For
      example, a data URI [RFC2397] is not same-origin with itself
      because data URIs do not use a server-based naming authority and
      therefore have globally unique identifiers as origins.


If "origin" is an attribute of a "URI", then a.origin = a.origin.  If a URI 
"has" an origin, how can that origin be subject to change, mathematically?
I suppose this is a result of using a normative algorithm in 4 instead of a set 
of invariants. 

Perhaps section 5 should instead say:

Two URIs are "same origin" if computing their origins results in the same value, 
and "cross-origin" if the results are different.
Note that in this formulation, a URI is not necessarily same-origin with 
itself; for example, a data URI [RFC2397] is not same-origin with itself 
because data URIs do not use a server-based naming authority, and different 
invocations of the "origin" computation will result in different (globally 
unique) origins.

=================

Larry

_______________________________________________
websec mailing list
https://www.ietf.org/mailman/listinfo/websec
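
The distinction drawn in the message above, between origin as a stored attribute and origin as the result of a computation, as an added example that is not part of the original message or of the draft. It is a simplified sketch: the names compute_origin, same_origin and OriginOnce are hypothetical, and only http and https are assumed to be supported schemes with default ports.

```python
import uuid
from urllib.parse import urlsplit

# Assumption: only these schemes count as supported, with these default ports.
DEFAULT_PORTS = {"http": 80, "https": 443}


def compute_origin(uri):
    """Return a (scheme, host, port) triple for a URI with a server-based
    naming authority, otherwise a fresh globally unique identifier."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        # No server-based naming authority (e.g. data:): every invocation
        # yields a new identifier, so no two results ever compare equal.
        return uuid.uuid4()
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return (scheme, host, port)


def same_origin(uri_a, uri_b):
    """Same-origin test phrased as 'computing their origins results in the
    same value', i.e. the origin is recomputed for each operand."""
    return compute_origin(uri_a) == compute_origin(uri_b)


class OriginOnce:
    """Contrast case: the origin is computed once and kept as an attribute,
    so the invariant a.origin == a.origin holds even for a data URI."""

    def __init__(self, uri):
        self.uri = uri
        self.origin = compute_origin(uri)


if __name__ == "__main__":
    data_uri = "data:text/plain,hello"  # constructed sample input
    print(same_origin("http://example.com/a", "HTTP://EXAMPLE.com:80/b"))
    print(same_origin(data_uri, data_uri))
    stored = OriginOnce(data_uri)
    print(stored.origin == stored.origin)
```

Which of the two models a consumer implements matters for access checks: with per-invocation computation a data URI never passes a same-origin comparison, even against itself, while a stored origin compares equal to itself but to nothing else.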