[saag] FW: Soliciting reviews for Cross-Origin Resource Sharing

<Pasi.Eronen@nokia.com> Wed, 15 April 2009 06:11 UTC

From: <Pasi.Eronen@nokia.com>
To: <saag@ietf.org>
Date: Wed, 15 Apr 2009 08:12:03 +0200
Cc: mnot@mnot.net
Subject: [saag] FW: Soliciting reviews for Cross-Origin Resource Sharing

This security-related W3C document is probably of interest to SAAG
subscribers. If you want to send comments to W3C, see the 
instructions in the link below. 

Best regards,
Pasi

> -----Original Message-----
> From: Mark Nottingham <mnot@mnot.net>
> Sent: 06 April, 2009 12:38
> To: secdir@ietf.org
> Subject: [secdir] Soliciting reviews for Cross-Origin Resource Sharing
> 
> [ with my IETF/W3C Liaison hat on ]
> 
> Members of the WebApps WG in the W3C have brought Cross-Origin
> Resource Sharing (CORS) to my attention, and asked for review/input
> from IETF folks.
> 
> http://www.w3.org/TR/2009/WD-cors-20090317/
> 
> > This document defines a mechanism to enable client-side cross-origin
> > requests. Specifications that want to enable cross-origin requests
> > in an API they define can use the algorithms defined by this
> > specification. If such an API is used on http://example.org
> > resources, a resource on http://hello-world.example can opt in using
> > the mechanism described by this specification (e.g., specifying
> > Access-Control-Allow-Origin: http://example.org as response header),
> > which would allow that resource to be fetched cross-origin from
> > http://example.org .
> 
> The document's status section contains information about how to
> provide feedback to them.
> 
> I know that generally the security directorate review process is for
> review of IETF documents, but this document does have the potential
> for impacting IETF technologies, and is directly security-related. If
> the directorate is unable to provide a review, please forward this to
> the appropriate folks in the IETF security community who may be
> interested in providing individual reviews and feedback to the WG.
> 
> Cheers,
> 
> --
> Mark Nottingham     http://www.mnot.net/