Re: corscheck from Michael Hausenblas on 2010-11-09 (public-awwsw@w3.org from November 2010)

From: Michael Hausenblas <michael.hausenblas@deri.org>
Date: Tue, 09 Nov 2010 20:56:28 +0000
To: Jonathan Rees <jar@creativecommons.org>, Nathan <nathan@webr3.org>
CC: AWWSW TF <public-awwsw@w3.org>
Message-ID: <C8FF65FC.1707F%michael.hausenblas@deri.org>

Hmmmm. I guess what we want to communicate and advocate for (and I agree we
could make this even more explicit) is: IF you have open (==publically
available) data, use CORS and *not* use CORS for everything no matter what.

Nathan?

Cheers,
      Michael

-- 
Dr. Michael Hausenblas, Research Fellow
LiDRC - Linked Data Research Centre
DERI - Digital Enterprise Research Institute
NUIG - National University of Ireland, Galway
Ireland, Europe
Tel. +353 91 495730
http://linkeddata.deri.ie/
http://sw-app.org/about.html



> From: Jonathan Rees <jar@creativecommons.org>
> Date: Tue, 9 Nov 2010 15:44:24 -0500
> To: Michael Hausenblas <michael.hausenblas@deri.org>
> Cc: AWWSW TF <public-awwsw@w3.org>
> Subject: Re: corscheck
> 
> On Tue, Nov 9, 2010 at 10:17 AM, Michael Hausenblas
> <michael.hausenblas@deri.org> wrote:
>> 
>>> Thanks for pointing us at
>>> http://river.styx.org/ww/2010/10/corscheck
>>> - it's very interesting.
>> 
>> You're welcome ;)
>> 
>>> CORS hasn't even gone to last call yet, so I hope people aren't
>>> getting too accustomed to it in its draft form. Might be better for
>>> people to wait until CR.
>> 
>> True. Nevertheless we're trying to establish it (at least) for Linked Data,
>> see http://enable-cors.org/ ...
> 
> Blah. The Web has a long history of premature adoption meaning that
> specs (or undocumented designs) end up getting no expert review - and
> this one in particular has not had adequate security review. If there
> are any W3C members involved in promoting production deployment of a
> working draft, they ought to be ... um ... sorry, can't figure out a
> polite way to end that sentence. I'm going to pretend I didn't read
> the personnel list at the bottom.
> 
> According to the process document, CR means: "W3C believes the
> technical report is stable and appropriate for implementation." By
> implicature, one might say that for a pre-CR draft, especially a
> pre-LC draft,  "W3C believes the technical report is NOT stable and
> appropriate for implementation."
> 
> At the very least I urge the authors of the enable-cors.org page to
> include a disclaimer to the effect that CORS is not stable or
> appropriate for implementation, and has not received expert review.
> Then at least any potential adopter will be fully informed. Maybe one
> of them is reading this message?
> 
> I wonder if UMP, which is much simpler than full CORS and more
> obviously safe, could be pushed to CR quickly? That's all you need for
> linked data, anyhow.
> 
> Jonathan

Received on Tuesday, 9 November 2010 20:57:04 UTC