W3C home > Mailing lists > Public > public-device-apis@w3.org > January 2010

Re: Why aren't most devices virtual web services?

From: Mark S. Miller <erights@google.com>
Date: Thu, 7 Jan 2010 20:03:24 -0800
Message-ID: <4d2fac901001072003l4a62642q5806ea362b4d866c@mail.gmail.com>
To: Doug Turner <w3c@dougt.org>
Cc: public-device-apis@w3.org
On Thu, Jan 7, 2010 at 7:00 PM, Doug Turner <w3c@dougt.org> wrote:

> i am trying to follow what you are suggesting, but I think I am making too
> many assumptions.  Lets make this idea concrete, are you suggesting that
> something like PowerState be expressed in terms of some sort of url that the
> developer would use xhr to access?
> Yes, exactly.

> Doug
> On Jan 7, 2010, at 6:47 PM, Mark S. Miller wrote:
> > Hi,
> >
> > I'm new to this working group. I recently joined because a number of
> people had privately expressed alarm to me over the approaches to security
> being taken in this WG. Several of them made the same suggestion, I think
> independently. Of the others, they found this suggestion plausible, so I
> thought I'd pass it on. For most devices, why not treat each device as a
> virtual web service, exposing its API as a RESTful API in terms of GETs and
> POSTs. This would reduce the present security problems to a previously
> unsolved problem, of how one web site becomes authorized to use web services
> provided by another site.
> >
> > The case is clearest for contacts. Why should authorizing Facebook to
> access my local contacts be different than, for example, authorizing
> Facebook to access my gmail contacts? There are already several proposed
> solutions to this problem, including the debate between CORS and UMP at the
> public-webapps group. For current browsers, it is also the motivating
> problem behind OAuth. I am *not* suggesting that we at the
> public-device-apis WG attempt to pick a winner among these three. Rather,
> that we should merely provide device APIs as RESTful GET/POST APIs, so that
> we can make use of whatever comes to be the resolution of this debate. The
> scheme of device URLs might be something other than http: or https:, but
> they should still be accessible through XHR and its successors.
> >
> > For some devices, an objection that has been raised: receiving and
> reacting to notifications from RESTful web services is awkward. However,
> once again, the problem is a problem with web services in general. It should
> be solved for web services in general. Then, devices can again be made
> polymorphic with web services providing similar functionality.
> >
> > Let's please avoid introducing unnecessary cases into web standards.
> >
> > --
> >    Cheers,
> >    --MarkM
> >

Received on Friday, 8 January 2010 04:03:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:41 UTC