This security-related W3C document is probably of interest to SAAG subscribers. If you want to send comments to W3C, see the instructions in the link below. Best regards, Pasi > -----Original Message----- > From: Mark Nottingham <mnot at mnot.net> > Sent: 06 April, 2009 12:38 > To: secdir at ietf.org > Subject: [secdir] Soliciting reviews for Cross-Origin Resource Sharing > > [ with my IETF/W3C Liaison hat on ] > > Members of the WebApps WG in the W3C have brought Cross-Origin > Resource Sharing (CORS) to my attention, and asked for review/input > from IETF folks. > > http://www.w3.org/TR/2009/WD-cors-20090317/ > > > This document defines a mechanism to enable client-side cross-origin > > requests. Specifications that want to enable cross-origin requests > > in an API they define can use the algorithms defined by this > > specification. If such an API is used on http://example.org > > resources, a resource on http://hello-world.examplecan opt in using > > the mechanism described by this specification (e.g., specifying > > Access-Control-Allow-Origin: http://example.org as response header), > > which would allow that resource to be fetched cross-origin from > > http://example.org . > > The document's status section contains information about how to > provide feedback to them. > > I know that generally the security directorate review process is for > review of IETF documents, but this document does have the potential > for impacting IETF technologies, and is directly security-related. If > the directorate is unable to provide a review, please forward this to > the appropriate folks in the IETF security community who may be > interested in providing individual reviews and feedback to the WG. > > Cheers, > > -- > Mark Nottingham http://www.mnot.net/
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.