- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 15 Jun 2010 13:19:22 +0200
- To: public-webapps@w3.org, "Ashok Malhotra" <ASHOK.MALHOTRA@oracle.com>
- Cc: Www-Tag <www-tag@w3.org>
On Tue, 15 Jun 2010 13:11:01 +0200, Ashok Malhotra <ASHOK.MALHOTRA@oracle.com> wrote: > At the TAG f2f meeting last week we discussed the Web Storage > (http://dev.w3.org/html5/webstorage/) draft. As you know, Web Storage > provides storage mechanisms (local storage and session storage) by > origin. This led us to conclude that it supports the same-origin > policy. But section 6.1 contains the sentence “User agents may allow > sites to access session storage areas in an unrestricted manner, but > require the user to authorize access to local storage areas.” This > prompted some of us to speculate that a door is being left open for > cross-site information sharing in the manner of CORS > (http://www.w3.org/TR/access-control/)or UMP(http://www.w3.org/TR/UMP/). > > Would you agree that this reading between the lines is justified? No, it says before that "Site-specific white-listing of access to local storage areas". And then continues with the explanation you quoted. I don't quite understand how you went from that to cross-origin usage. All it says is that user agents could offer the option to do local storage on an opt-in basis to make tracking harder. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 15 June 2010 11:20:06 UTC