
Re: [UMP] Request for Last Call

From: Tyler Close <tyler.close@gmail.com>
Date: Thu, 8 Apr 2010 06:12:31 -0700
Message-ID: <w2w5691356f1004080612ndc1e8cf8zbd68fc8a997d9204@mail.gmail.com>
To: Marcos Caceres <marcosc@opera.com>
Cc: Maciej Stachowiak <mjs@apple.com>, "Mark S. Miller" <erights@google.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>

On Thu, Apr 8, 2010 at 5:44 AM, Marcos Caceres <marcosc@opera.com> wrote:
> To me personally, it only really makes sense for UMP to be merged into CORS.
> Having both specs is confusing.

Given that we've created a superset-subset relationship between CORS
and UMP, we don't have divergent specs for the same functionality;
instead we simply have a modular spec. Splitting the spec this way is
useful because the UMP subset is significantly smaller and the CORS
superset involves additional, complicated security risks.

> To have UMP as an optional add-on does not
> feel right because of the DBAD issue.

Indeed, DBAD is only relevant to CORS, so adding this complexity to
UMP by putting it in the same document with the rest of CORS is
confusing.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
Received on Thursday, 8 April 2010 13:13:04 GMT
