Re: [websec] Comments on draft-abarth-principles-of-origin-00, was: Reviews of draft-ietf-websec-origin and principles-of-origin until end of May

[Tobias Gondrom <tobias.gondrom@gondrom.org>]

Sorry, I forgot to clarify in my previous email:
my comment was my opinion as individual. <hat type='individual'/> ;-)
(not as WG chair)


On 21/06/11 17:38, Peter Saint-Andre wrote:
> <hat type='individual'/>
>
> Agreed. Plus, at some point in the future, people will look for "that
> RFC about same origin" and it would be confusing for them to find two
> instead of one. Best to put it all in one place, I think.
>
> On 6/21/11 10:17 AM, Tobias Gondrom wrote:
>> Hi Adam,
>>
>> FWIW my opinion is in favour of merging the two.
>> Reasons:
>> 1. principles is rather short and gives a good context and introduction
>> to origin, so it seems appropriate to merge them both together.
>> 2. if I would consider origin referencing principles, there might be a
>> larger number of references, which again I would take as a sign that
>> merging them might be the right thing to do.
>> 3. I tend to disagree with Jeff's argument that future references of
>> "principles" would be a good reason to keep both drafts separate. I
>> believe in this case future work can equally reference from the origin
>> draft.
>>
>> Kind regards and looking forward to reading the new version.
>>
>> Tobias
>>
>>
>>
>> On 16/06/11 04:59, Adam Barth wrote:
>>> I was hoping other folks would weigh into the thread.  In the interest
>>> of moving forward, I'm going to combine them into one document but try
>>> to structure the document so that folks who aren't interested in the
>>> nuts and bolts can still get the high-level picture.  Most of the
>>> folks who want to refer to the Principles document probably also want
>>> to refer to the Nuts-and-Bolts doc, so having them together makes that
>>> easier.
>>>
>>> The main tricky thing I'm working on at the moment is the scope /
>>> perspective issue.  Once I get that hammered out (either tonight or
>>> tomorrow), I'll upload a new draft.
>>>
>>> Thanks,
>>> Adam
>>>
>>>
>>> On Mon, Jun 13, 2011 at 1:41 PM,
>>> =JeffH<Jeff.Hodges@kingsmountain.com>   wrote:
>>>> Julian asked:
>>>>
>>>>> I believe that having two documents make sense; what's the benefit of
>>>>> merging?
>>>> Yes, I have the same question now (after belatedly reviewing the
>>>> document in
>>>> more detail). I'm thinking Principles of the Same-Origin Policy
>>>> (PSOP) ought
>>>> to be a separate doc, because it'll get referenced down the road
>>>> specifically
>>>> for this principle stuff, possibly by a wider range of docs than would
>>>> reference the Origin header spec (which concerns a particular
>>>> concrete facet
>>>> of web platform machinery).
>>>>
>>>> I also think (on an admittedly quick re-skim) John Kemp's so-called
>>>> "scope"
>>>> comments are overall apropos -- I have many of the same thoughts..
>>>>
>>>>    Re: [websec] Principles of the Same-Origin Policy
>>>>    http://www.ietf.org/mail-archive/web/websec/current/msg00257.html
>>>>
>>>> You (Adam B) are writing from the perspective of one steeped in
>>>> browser and
>>>> web application internals, and seemingly for a similar audience it
>>>> seems.
>>>> However, I suspect this doc would likely get read by a wider audience,
>>>> including those who are trying to learn (or write) about how this
>>>> complex
>>>> "web platform" beast works.
>>>>
>>>> HTH,
>>>>
>>>> =JeffH
>>>>