- From: Brian Bober <netdragon@gmail.com>
- Date: Mon, 12 Nov 2007 23:27:14 -0500
- To: annevk@opera.com
- Cc: public-html@w3.org
- Message-ID: <2fafffe10711122027t598a3e4dsff8b6aa023aad905@mail.gmail.com>
>On Mon, 22 Oct 2007 19:32:59 +0200, Brian Bober wrote: >> 3rd-party content vendors who need to store simple preferences (such as >> "show playback bar") across a huge slew of domains which use their >> services have to currently store preferences on the server-side, which >> is very >> expensive, or otherwisepoor user-experience will result because > >The cross-site XMLHttpRequest extensions for XMLHttpRequest level 2 >discussed on public-webapi@w3.org <public-webapi@w3.org?Subject=Re%3A%20Client-side%20storage%3A%20Allow%20certificates%20to%20identify%20owner&In-Reply-To=%253Cop.t0m6gyho64w2qv%40annevk-t60.oslo.opera.com%253E&References=%253Cop.t0m6gyho64w2qv%40annevk-t60.oslo.opera.com%253E> might help with that. You wouldn't have >client-side storage, but you would be able to fetch preferences from a >single server. Hi Anne, Thanks, however that isn't a very scalable solution for this particular limitation the server hardware necessary to store user preferences across millions of hits a day is prohibitively expensive when user preferences should be completely handled on the client-side since it distributes the load. The end result is that certain things on the internet would be cheaper if handled on the client side, and thus advanced funcationality becomes available to more web developers beyond those that can afford a server farm. It seems unecessary to build server farms in order to handle per-user settings that don't give away personal information (such as "Do I want X in 10pt or 12pt font?". However, purchasing a certificate is affordable to most people. The code the company I work for develops gets hit 10s of millions of times per day and thus we can only afford to store user preferences on a per-domain basis for most things, when really a lot of these settings should be stored globally. Therefore, we're forced to do something less optimal for the user simply to save money. I think cert-based local storage should be investigated as part of the standard, however I'm not enough of a security expert to suggest what would work. --Brian
Received on Tuesday, 13 November 2007 04:27:23 UTC