See also: IRC log
bhill2: thanks
... I can scribe
scribenick ekr
<bhill2> scribenick: ekr
<bhill2> http://www.w3.org/2013/07/16-webappsec-minutes.html
<bhill2> https://www.w3.org/2011/webappsec/track/actions/open?sort=owner
<bhill2> https://www.w3.org/2011/webappsec/track/actions/pendingreview
<bhill2> trackbot close action-148
<trackbot> Closed action-148.
mwest: there has been a proposal that we add a much bigger API (#127). Don't know if we would get it done by 1.1
… we should discuss on the list
bhill2: would like to create a burndown list of outstanding issues
bhill2: do we intend to respond
to any of these issues in the tracker?
... wanted to get consensus on the call.
… does anyone object to closing these out?
https://www.w3.org/Bugs/Public/show_bug.cgi?id=14663 : CORS and Caches
bhill2: I don't think there is a need for this at this point
any objections to closing this bug?
no objections
https://www.w3.org/Bugs/Public/show_bug.cgi?id=14664 : Defining CORS headers
bhill2: Not clear what the contents of this bug is. Open since 2011 with no activity
… might be about header changes in ABNF with HTTP bis
any objections to closing?
no objections
https://www.w3.org/Bugs/Public/show_bug.cgi?id=14700 : Point out that Access-Control-Allow-Origin:* is safe for servers not behind a firewall
bhill2: security considerations has been completely rewritten
any objections to closing?
no objections heard.
https://www.w3.org/Bugs/Public/show_bug.cgi?id=19920 : Don't allow space-separated origins in the syntax
Related to 21608: https://www.w3.org/Bugs/Public/show_bug.cgi?id=21608 7.2 "Resource Sharing Check" does not specify how to handle a space separated list in Access-Control-Allow-Origin
bhill2: implicitly access control sharing check forbids >1 oriign
… my opinion is behavior is already specified and implemented
… propose we don't change it
any objections to closing these without change?
no objections heard
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21012 : Add more text on Vary
bhill2: seems that this is an edge case.
… minor editorial suggestion, not worth opening spec
any objections to closing these without change?
no objections heard
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21013: Credentials and HTTP authentication
<bhill2> http://lists.w3.org/Archives/Public/public-webapps/2013JanMar/thread.html#msg366
bhill2: discussion more recently on the list.
… does anyone feel spec needs additional clarification?
… I have not seen any actual text proposed
any objections to closing this without changes?
no objections heard
bhill2: call to formally close CfC for advancement from Candidate Recommendation to Proposed Recommendation
peleus moves to advance CORS to PR
seconded by ekr
no objections to unanimous consent
decision: move CORS to proposed recommendation
bhill2: I will check with Art in WebApps
<bhill2> http://lists.w3.org/Archives/Public/public-webappsec/2013Aug/0037.html
bhill2: proposed modiification to prevent against CSRF. Header to determne whether cookies would be sent or not
… a few items of discussion on the list
… anyone interested in taking this up?
nothing heard
bhill2: continue to discuss on the list
… but we will not take it up without more show of interest
in 1.1
<bhill2> thanks for scribing, ekr
np.
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found ScribeNick: ekr Inferring Scribes: ekr Default Present: bhill2, +1.415.832.aaaa, gioma1, ekr, puhley, gmaone, +1.978.944.aabb, mkwst_, gopal Present: bhill2 +1.415.832.aaaa gioma1 ekr puhley gmaone +1.978.944.aabb mkwst_ gopal Agenda: http://lists.w3.org/Archives/Public/public-webappsec/2013Aug/0056.html Got date from IRC log name: 27 Aug 2013 Guessing minutes URL: http://www.w3.org/2013/08/27-webappsec-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]