Re: Semi-public resources in Uniform Messaging

Hi Ian,

To answer your question, I need a better understanding of what
"semi-public" means. At first blush, it sounds a little bit like
"semi-pregnant". More inline below...

On Tue, Dec 8, 2009 at 6:16 AM, Ian Hickson <ian@hixie.ch> wrote:
>
> I'm trying to understand this proposal and how it would interact with
> Server-sent Events, XBL2, <canvas>/<img>, and <video>:

We're not proposing changing the existing security model of the <img>
tag, since that would break existing sites. A new <img>-like tag that
supports UMP might be a good thing to have though.

>
>   http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/att-0914/draft.html
>
> How would one label a static resource on an intranet server, e.g.
>
>   http://videos.corp.example.com/tgif/2009-12-11.ogg
>
> ...such that it can be used by the pages on the following hosts:
>
>   http://www.corp.example.com/
>   http://moma.corp.example.com/
>   http://tgif.corp.example.com/
>   http://intranet.example.com/
>
> ...but such that it could _not_ be used by pages on the following hosts:
>
>   http://hostile-blog.example.com/

What exactly do you mean by "used"? Do you mean that the blog site
author cannot obtain the bytes in the OGG file?

For now, my best guess at your meaning is that you want some way to
prohibit deep-linking to publicly accessible resources. Is that what
you mean? If so, then I gather you're using a static OGG file as part
of a "bandwidth stealing" argument. Am I following? If so, then I'm
not sure how the intranet part plays into the scenario.

I think we need to clarify the exact scenario and the access control
rules being enforced before proceeding. For example, who can read and
write what, what do they want to do, and who must not be able to read
or write what.

Thanks,
--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html

Received on Tuesday, 8 December 2009 18:13:26 UTC