Re: A Somewhat Critical View of SOP (Same Origin Policy) from Tony Arcieri on 2015-08-30 (public-web-security@w3.org from August 2015)

From: Tony Arcieri <bascule@gmail.com>
Date: Sun, 30 Aug 2015 16:08:28 -0700
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAHOTMVK3Rr60M2jP6-8sGKTg=R15B60PzVOc0OMB2r8uRHWC_g@mail.gmail.com>

On Sat, Aug 29, 2015 at 1:21 AM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> A core part of the Web Security model is based on SOP.
>
> However, the world (outside of the Web) isn't working according this
> model; it is rather ad-hoc.
>
> This has lead to the "App-explosion" which is better aligned (for good or
> for worse) to needs of the world than a SOP-crippled Web.
>

I think this argument is a total non-sequitur. On the desktop we saw a huge
shift away from native applications to web-based ones. It's only on the
mobile web that we see the reverse. If SOP is holding back the mobile web,
why did we see the opposite on the desktop?

I think the deficiencies of the mobile web have a lot more to do with
performance, both on a limited mobile connection and with more limited
hardware.

What is your reasoning that the limitations of SOP are driving the shift
from mobile web to native apps, and why did we see the opposite on the
desktop.

-- 
Tony Arcieri

Received on Sunday, 30 August 2015 23:09:15 UTC