[cap-talk] Open Review of the CORS Specification
Adam Barth
cap-talk at adambarth.com
Mon Oct 12 22:34:45 PDT 2009
On Mon, Oct 12, 2009 at 9:41 PM, David-Sarah Hopwood
<david-sarah at jacaranda.org> wrote:
> The response always seems to be something equally as vague as:
>
>>> There were concerns that the CORS spec might not satisfy all the related
>>> security issues; this is true, but we do believe that it solves a useful
>>> set of cases, and doesn't introduce additional risk.
>
> which, without actually enumerating the kind of cases that are supposed to
> be "solved", does not seem to me to be a substantive technical argument
> in favour of CORS at all.
The use cases are listed here:
http://dev.w3.org/2006/waf/access-control/#use-cases
I don't think we should beat up on Doug for not providing a technical
argument. As I understand things, his role is primarily to facilitate
the debate.
Adam
More information about the cap-talk
mailing list