Patent disclosure for UniMess? [Was: [cors] Uniform Messaging, a CSRF resistant profile of CORS]

From: Arthur Barstow <art.barstow@nokia.com>
Date: Sun, 6 Dec 2009 08:27:57 -0500
Message-Id: <E8A2B639-842E-4579-8D39-8EC5A26A9B69@nokia.com>
Cc: public-webapps <public-webapps@w3.org>
To: ext Tyler Close <tyler.close@gmail.com>, "Mark S. Miller" <erights@google.com>

Mark, Tyler,

*IF* this proposal was a WG document, its Status of the Document  
section would include a patent disclosure requirement like the one in  


An individual who has actual knowledge of a patent which the  
individual believes contains Essential Claim(s) must disclose the  
information in accordance with section 6 of the W3C Patent Policy.

Would you two (and anyone else that contributed to the UniMess  
proposal) please make a patent disclosure for your proposal?

-Art Barstow

On Nov 23, 2009, at 12:33 PM, ext Tyler Close wrote:

> I made some minor edits and formatting improvements to the document
> sent out on Friday. The new version is attached. If you read the prior
> version, there's no need to review the new one. If you're just getting
> started, use the attached copy.
> Thanks,
> --Tyler
> On Fri, Nov 20, 2009 at 5:04 PM, Tyler Close <tyler.close@gmail.com> wrote:
>> MarkM and I have produced a draft specification for the GuestXHR
>> functionality we've been advocating. The W3C style specification
>> document is attached. We look forward to any feedback on it.
>> We agree with others that "GuestXHR" was not a good name and so have
>> named the proposal "Uniform Messaging" for reasons elaborated in the
>> specification.
>> To parallel the CORS separation of policy from API, this first
>> document is the policy specification with an XMLHttpRequest-like API
>> yet to follow.
>> Abstract:
>> """
>> This document defines a mechanism to enable requests that are
>> independent of the client's context. Using this mechanism, a client
>> can engage in cross-site messaging without the danger of
>> Cross-Site-Request-Forgery and similar attacks that abuse the cookies
>> and other HTTP headers that form a client's context. For example, code
>> from customer.example.org can use this mechanism to send requests to
>> resources determined by service.example.com without further need to
>> protect the client's context.
>> """
>> Thanks,
>> --Tyler
> -- 
> "Waterken News: Capability security on the Web"
> http://waterken.sourceforge.net/recent.html

<draft.html>

Received on Sunday, 6 December 2009 13:39:32 UTC