W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: Scientific Literature on Capabilities (was Re: CORS versus Uniform Messaging?)

From: Devdatta <dev.akhawe@gmail.com>
Date: Wed, 16 Dec 2009 22:04:31 -0800
Message-ID: <ecf35a1b0912162204t171f4ebfv38f51877d5bb4963@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: Kenton Varda <kenton@google.com>, public-webapps <public-webapps@w3.org>
>
> Another example would be an XBL binding file on hixie.ch that is
> accessible only to pages on damowmow.com. With CORS I can do this with one
> line in my .htaccess file. I don't see how to do it at all with UM.
>

Seems to me that these examples can just as easily be done with IE's
XDomainRequest. Are there examples for CORS which can't be done by
UM/XDR  ?

Cheers
devdatta

2009/12/16 Ian Hickson <ian@hixie.ch>:
> On Wed, 16 Dec 2009, Kenton Varda wrote:
>>
>> Without the benefit of full context (I only started following this list
>> recently), I'd like cautiously to suggest that the UM solution to Ian's
>> "challenge" seems awkward because the challenge is itself a poor design,
>> and UM tends to be more difficult to work with when used to implement
>> designs that are poor in the first place.
>>
>> Specifically -- and note that I'm not sure I follow all the details, so
>> I could be missing things -- it seems that the challenge calls for site
>> B to be hard-coded to talk to site A.  In a better world, site B would
>> be able to talk to any site that provides feeds in the desired format.
>
> A concrete example of the example I was talking about is Google's Finance
> GData API. There's a fixed URL on A (Google's site) that represents my
> finance information. There's a site B (my portal page) that is hard-coded
> to fetch that data and display it. I'm logged into A, I'm not logged into
> B, and I've told A (Google) that it's ok to give B access to my financial
> data. Today, this involves a complicated set of bouncing back and forth.
> With CORS, it could be done with zero server-side scripting -- the file
> could just be statically generated with an HTTP header that grants
> permission to my portal to read the page.
>
> Another example would be an XBL binding file on hixie.ch that is
> accessible only to pages on damowmow.com. With CORS I can do this with one
> line in my .htaccess file. I don't see how to do it at all with UM.
>
>
>> So imagine, for example, that when the user visits site A originally,
>> the site can somehow tell the browser "I would like to provide a
>> capability implementing the com.example.Feed interface.  The URL for
>> this capability is [something unguessable].".  Then, when the user
>> visits site B, it has a "socket" for an object implementing
>> "com.example.Feed".  When the user clicks on this "socket", the browser
>> pops up a list of com.example.Feed implementations that it knows about,
>> such as the one from site A.  The user can then click on that one and
>> thus hook up the sites.
>
> As a user, in both the finance case and XBL case, I don't want any UI. I
> just want it to Work.
>
> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
>
>
Received on Thursday, 17 December 2009 06:05:31 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT