Access Control open/raised issues from Anne van Kesteren on 2008-01-17 (public-appformats@w3.org from January 2008)

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 17 Jan 2008 15:41:58 +0100
To: "WAF WG (public)" <public-appformats@w3.org>
Message-ID: <op.t42wf8a464w2qv@annevk-t60.oslo.opera.com>

I was surprised that a large number of issues is still open. An attempt to  
get some closed.


ISSUE-4 http://www.w3.org/2005/06/tracker/waf/issues/4

I don't think we need this distinction and I already replied to the  
relevant comment. The specification is clear enough on this point.


ISSUE-5 http://www.w3.org/2005/06/tracker/waf/issues/5

We have both black- and whitelisting for the following reaons: In case the  
server and documents hosted on the server are in control by different  
people it is necessary that the server people are able to override the  
document people (if the document wants to share access) and vice versa (if  
the server wants to share access).

I suggest we close this issue because there's a good reason to have the  
deny rule.


ISSUE-11 http://www.w3.org/2005/06/tracker/waf/issues/11

The specification states: "User agents may optimize any algorithm given in  
this specification, so long as the end result is indistinguishable from  
the result that would be obtained by the specification's algorithms." This  
seems clear enough to me. I suggest we close this issue.


ISSUE-16 http://www.w3.org/2005/06/tracker/waf/issues/16

I have added more information to the introduction. Together with the use  
cases and requirements document/appendix I think we'll cover this  
adequately. I suggest we close this issue.


ISSUE-20 http://www.w3.org/2005/06/tracker/waf/issues/20

I think the current model is adequate and leaves the server in control at  
all times. It has been explained on the mailing list why we have this  
model by Brad and Ian mostly so I think we can close this issue.


I'm not sure what to do with ISSUE-21. It's not concrete enough to do  
anything with and as far as detailing what needs to be done for security I  
think that's already covered. I suggest we close this one. ISSUE-19 will  
be dealt with when we publish the requirements document/appendix.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Thursday, 17 January 2008 14:38:51 UTC