Re: Why aren't most devices virtual web services?

Mark, my concern was that these (e.g. OAuth others noted) all seem to  
imply network connectivity, yet there might be a requirement to have  
contact book access (to give an example) without network access.

regards, Frederick

Frederick Hirsch
Nokia



On Jan 13, 2010, at 1:23 PM, ext Mark S. Miller wrote:

> Still catching up. Answering out of order.
>
>
> On Wed, Jan 13, 2010 at 7:26 AM, Frederick Hirsch <Frederick.Hirsch@nokia.com 
> > wrote:
> use of OAuth.
>
>
> That was just an example of one approach to the inter-site  
> authorization problem. Others are CORS and UMP. As I said in the  
> initial proposal, I don't think this WG should try to pick a winner  
> in this debate. They should just position device APIs so that they  
> can leverage whatever the winner is, by recasting devices as RESTful  
> GET/POST apis. By so doing, we reduce the security issues to a  
> previously unsolved problem ;).
>
>
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Jan 13, 2010, at 9:55 AM, ext Robin Berjon wrote:
>
> On Jan 13, 2010, at 15:50 , Frederick Hirsch wrote:
> Is there a requirement to allow local access to contacts, for  
> example, even when disconnected from the network? How would this  
> work in this model, or is disconnected operation not a requirement?  
> It seems a mobile device should still operate as much as possible  
> when disconnected.
>
> That's entirely orthogonal. Either the web server is local, or  
> (perhaps more likely) it is emulated by the user agent. You never go  
> to the network, whether connected or not.
>
> I thought the proposal was to go to the network for authorization,  
> in which case it is not orthogonal.
>
> I don't read that in the original proposal, can you clarify which  
> part you're thinking of?
>
> --
> Robin Berjon
>  robineko — hired gun, higher standards
>  http://robineko.com/
>
>
>
>
>
>
>
>
> -- 
>    Cheers,
>    --MarkM

Received on Wednesday, 13 January 2010 19:06:04 UTC