- From: Gannon Dick <gannon_dick@yahoo.com>
- Date: Tue, 2 Aug 2011 13:37:03 -0700 (PDT)
- To: W3C eGov IG mailing list <public-egov-ig@w3.org>
- Cc: GLD Chairs <team-gld-chairs@w3.org>
This is an eGov issue, I think; a big one. Without this "security model", which implies possession=trust there is a lot of consumer location information which goes from proprietary/valuable to non-public/worthless. That implication (assumption) is simply not necessary for GLD or LOD, is it ? Information about places (as opposed to information about people in those places) is much different. examples: EPA UV Index, http://tinyurl.com/white-nights-forever Any thoughts ? [I imagine 51st Century Archaeologists digging in a place which used to be called 'Legal Seafood' (in Boston), and finding piles of oyster shells mixed with maxed-out credit cards. I wonder what they'll make of that ?] --Gannon --- On Tue, 8/2/11, Ian Hickson <ian@hixie.ch> wrote: > From: Ian Hickson <ian@hixie.ch> > Subject: Re: [web messaging] Channel Messaging Origins > To: public-html-comments@w3.org > Date: Tuesday, August 2, 2011, 2:04 PM > On Mon, 1 Aug 2011, Philippe De Ryck > wrote: > > > > If two browsing contexts X and Y create a messaging > channel using ports, > > no origin guarantees about the sender or receiver of > the messages can be > > given. This is in contrast with the 'Cross-document > Messaging' > > mechanism, where each message has a source and > destination origin. > > This is intentional. The security model here is a > capabilities model, > where vending a MessagePort inherently grants a right. > Exposing an origin > would actually undermine this, preventing capabilities from > being > furthered to other origins. > > -- > Ian Hickson > U+1047E > )\._.,--....,'``. fL > http://ln.hixie.ch/ > U+263A > /, _.. > \ _\ ;`._ ,. > Things that are impossible just take > longer. `._.-(,_..'--(,_..'`-.;.' > >
Received on Tuesday, 2 August 2011 20:37:31 UTC