W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 17 Dec 2009 05:25:56 +0000 (UTC)
To: Kenton Varda <kenton@google.com>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0912170518470.15825@hixie.dreamhostps.com>
On Wed, 16 Dec 2009, Kenton Varda wrote:
>
> Without the benefit of full context (I only started following this list 
> recently), I'd like cautiously to suggest that the UM solution to Ian's 
> "challenge" seems awkward because the challenge is itself a poor design, 
> and UM tends to be more difficult to work with when used to implement 
> designs that are poor in the first place.
> 
> Specifically -- and note that I'm not sure I follow all the details, so 
> I could be missing things -- it seems that the challenge calls for site 
> B to be hard-coded to talk to site A.  In a better world, site B would 
> be able to talk to any site that provides feeds in the desired format.

A concrete example of the example I was talking about is Google's Finance 
GData API. There's a fixed URL on A (Google's site) that represents my 
finance information. There's a site B (my portal page) that is hard-coded 
to fetch that data and display it. I'm logged into A, I'm not logged into 
B, and I've told A (Google) that it's ok to give B access to my financial 
data. Today, this involves a complicated set of bouncing back and forth. 
With CORS, it could be done with zero server-side scripting -- the file 
could just be statically generated with an HTTP header that grants 
permission to my portal to read the page.

Another example would be an XBL binding file on hixie.ch that is 
accessible only to pages on damowmow.com. With CORS I can do this with one 
line in my .htaccess file. I don't see how to do it at all with UM.


> So imagine, for example, that when the user visits site A originally, 
> the site can somehow tell the browser "I would like to provide a 
> capability implementing the com.example.Feed interface.  The URL for 
> this capability is [something unguessable].".  Then, when the user 
> visits site B, it has a "socket" for an object implementing 
> "com.example.Feed".  When the user clicks on this "socket", the browser 
> pops up a list of com.example.Feed implementations that it knows about, 
> such as the one from site A.  The user can then click on that one and 
> thus hook up the sites.

As a user, in both the finance case and XBL case, I don't want any UI. I 
just want it to Work.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 17 December 2009 05:26:32 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT