W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: [UMP] Subsetting (was: [XHR2] AnonXMLHttpRequest())

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 12 Apr 2010 13:00:25 -0700
Cc: Arthur Barstow <art.barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
Message-id: <394CFA4C-5B39-433E-8951-88F0D909C5F8@apple.com>
To: Tyler Close <tyler.close@gmail.com>

On Apr 12, 2010, at 10:33 AM, Tyler Close wrote:

> On Mon, Apr 12, 2010 at 6:49 AM, Arthur Barstow  
> <art.barstow@nokia.com> wrote:
>> Maciej, Tyler - thanks for continuing this discussion. I think it  
>> would be
>> helpful to have consensus on what we mean by subsetting in this  
>> context.
>> (Perhaps the agreed definition could be added to the CORS and UMP  
>> Comparison
>> [1].)
>
> I've added a new section to the wiki page, "UMP as subset of CORS":
>
> http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UMP#UMP_as_subset_of_CORS
>

I do not think the set of subset criteria posted there matches what I  
proposed and what we've been discussing in this thread. Should I put  
some abbreviated form of my proposal in the wiki? I am not sure what  
the conventions are for editing this wiki page.

I think the points you make on the wiki about cross-endangerment are  
good, but they are not really subset criteria, that's a property we  
want for any two Web platform features, and it could be achieved with  
a strategy of making things completely different instead of the subset  
strategy. They do represent relations that we should maintain however.

I think even taken together, your set of subset conditions does  
guarantee that a CORS client implementation is automatically also a  
UMP client implementation. If we went that way, then we would have to  
consider whether there will ever be client implementors of UMP itself,  
or it will be impossible to fulfill CR exit criteria.

Regards,
Maciej
Received on Monday, 12 April 2010 20:00:59 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT