Re: SVG 1.2 Comment: B.2.3 Socket Connections

> On Wed, 3 Nov 2004, Peter Sorotokin wrote:
> >
> > Most secure UAs can block these connections (or require user to approve
> > it for a specific host, verify signatures, etc.). We are not imposing
> > our security model on UAs, we just outlining baseline expectations.
>
> The point is that once you've implemented this securely, it becomes less
> useful than URLRequest, since it can only access HTTP ports, but doesn't
> do HTTP. It seems bad to have a feature that is only useful if implemented
> in insecure ways.
>
> If the use case is only for secured networks, then it shouldn't be in a
> W3C spec (W3C specs being, by definition, designed for the Web).

I don't understand what your point is.  It seems to be that since some sites
will only allow HTTP requests that SVG should not implement a more powerful
network interface for anyone?

The SVG socket interface is very useful as it allows two way asynchronous
communication.  This is an essential feature for some interactive SVG
applications.  These interfaces were added because people, like me, who used
early SVG implementations found that they were needed - and the SVG working
group listened.

Received on Thursday, 4 November 2004 03:14:53 UTC