W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: [UMP] Subsetting (was: [XHR2] AnonXMLHttpRequest())

From: Jonas Sicking <jonas@sicking.cc>
Date: Mon, 12 Apr 2010 15:41:33 -0700
Message-ID: <x2i63df84f1004121541j6f86e9bcl4c7bb3f0ed13eb49@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: Maciej Stachowiak <mjs@apple.com>, Arthur Barstow <art.barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Mon, Apr 12, 2010 at 3:10 PM, Tyler Close <tyler.close@gmail.com> wrote:
>> I think even taken together, your set of subset conditions does guarantee
>> that a CORS client implementation is automatically also a UMP client
>> implementation. If we went that way, then we would have to consider whether
>> there will ever be client implementors of UMP itself, or it will be
>> impossible to fulfill CR exit criteria.
>
> If there are implementers of CORS, then by definition, there are
> implementers of UMP. I don't see anything in CR exit criteria that
> requires implementers to swear not to also implement other
> specifications.

So is sending the 'Origin' and 'Referer' headers ok per UMP? The
current CORS implementation in firefox always sends those headers.

I would have imagined that UMP would explicitly forbid any ambient
authority or identity information other than IP number?

/ Jonas
Received on Monday, 12 April 2010 22:42:30 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT