
Re: Seeking XDR versus AC4CSR+XHR2 follow-ups by Microsoft [Was: Re: IE Team's Proposal for Cross Site Requests]

From: Ben Adida <ben@adida.net>
Date: Fri, 02 May 2008 15:29:05 -0700
Message-ID: <481B95B1.1000300@adida.net>
To: Sunava Dutta <sunavad@windows.microsoft.com>
CC: Arthur Barstow <art.barstow@nokia.com>, Eric Lawrence <ericlaw@exchange.microsoft.com>, Chris Wilson <Chris.Wilson@microsoft.com>, ext Anne van Kesteren <annevk@opera.com>, "Web API WG (public)" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>, Zhenbin Xu <zhenbinx@windows.microsoft.com>, Gideon Cohn <gidco@windows.microsoft.com>, Sharath Udupa <Sharath.Udupa@microsoft.com>, Marc Silbey <marcsil@windows.microsoft.com>

Sunava Dutta wrote:
> Art, I apologize for the delay but we're currently coming up with a
> plan moving forward regarding how we want to proceed with cross
> domain.

Sunava,

I've been lurking on this list for a while, and wanted to ask a question 
that I don't think has been answered on the list.

The IE8 White Paper on "Better Ajax Development" says:

"Cross-domain requests are anonymous to protect user data, which means 
that servers cannot easily find out who is requesting data. As a result, 
you only want to request and respond with cross-domain data that is not 
sensitive or personally identifiable."

Is that an accurate representation of MS's position, that XDR should 
never be used to request sensitive/private information, only generic 
public data?

Thanks,

-Ben Adida
ben@adida.net
Received on Friday, 2 May 2008 22:29:41 GMT
