W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Patent disclosure for UniMess? [Was: [cors] Uniform Messaging, a CSRF resistant profile of CORS]

From: Tyler Close <tyler.close@gmail.com>
Date: Mon, 7 Dec 2009 10:35:50 -0800
Message-ID: <5691356f0912071035j2c0d57faid87e3ff8e3945b7b@mail.gmail.com>
To: Arthur Barstow <art.barstow@nokia.com>
Cc: "Mark S. Miller" <erights@google.com>, public-webapps <public-webapps@w3.org>
Hi Art,

For the "Status of this Document" section, I just copied the text
recommended at:


I did not mean to obfuscate any patent disclosure issues. I personally
do not know of any relevant patents.


On Sun, Dec 6, 2009 at 5:27 AM, Arthur Barstow <art.barstow@nokia.com> wrote:
> Mark, Tyler,
> *IF* this proposal was a WG document, its Status of the Document section
> would include a patent disclosure requirement like the one in CORS:
> [[
> http://www.w3.org/TR/2009/WD-widgets-access-20090804/
> An individual who has actual knowledge of a patent which the individual
> believes contains Essential Claim(s) must disclose the information in
> accordance with section 6 of the W3C Patent Policy.
> ]]
> Would you two (and anyone else that contributed to the UniMess proposal)
> please make a patent disclosure for your proposal?
> -Art Barstow
> On Nov 23, 2009, at 12:33 PM, ext Tyler Close wrote:
>> I made some minor edits and formatting improvements to the document
>> sent out on Friday. The new version is attached. If you read the prior
>> version, there's no need to review the new one. If you're just getting
>> started, use the attached copy.
>> Thanks,
>> --Tyler
>> On Fri, Nov 20, 2009 at 5:04 PM, Tyler Close <tyler.close@gmail.com>
>> wrote:
>>> MarkM and I have produced a draft specification for the GuestXHR
>>> functionality we've been advocating. The W3C style specification
>>> document is attached. We look forward to any feedback on it.
>>> We agree with others that "GuestXHR" was not a good name and so have
>>> named the proposal "Uniform Messaging" for reasons elaborated in the
>>> specification.
>>> To parallel the CORS separation of policy from API, this first
>>> document is the policy specification with an XMLHttpRequest-like API
>>> yet to follow.
>>> Abstract:
>>> """
>>> This document defines a mechanism to enable requests that are
>>> independent of the client's context. Using this mechanism, a client
>>> can engage in cross-site messaging without the danger of
>>> Cross-Site-Request-Forgery and similar attacks that abuse the cookies
>>> and other HTTP headers that form a client's context. For example, code
>>> from customer.example.org can use this mechanism to send requests to
>>> resources determined by service.example.com without further need to
>>> protect the client's context.
>>> """
>>> Thanks,
>>> --Tyler
>> --
>> "Waterken News: Capability security on the Web"
>> http://waterken.sourceforge.net/recent.html<draft.html>

"Waterken News: Capability security on the Web"
Received on Monday, 7 December 2009 18:36:23 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:21 UTC