Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 23 Feb 2009 15:48:17 -0800
Message-ID: <7789133a0902231548p2ebbc55ar915d540d04cf6a3b@mail.gmail.com>
To: Breno de Medeiros <breno@google.com>
Cc: Mark Nottingham <mnot@mnot.net>, Ben Laurie <benl@google.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>

On Mon, Feb 23, 2009 at 3:05 PM, Breno de Medeiros <breno@google.com> wrote:
> crossdomain.xml was introduced to support a few specific applications
> (notably flash), and it did not take into account the security requirements
> of the application context. Tough.

I'm suggesting we learn from their mistakes instead of making the same
mistakes ourselves.

> Because at this point there is no consensus what a general delegation
> mechanism would look like. Quite possibly, this might be
> application-specific.

Why not handle delegation at the application layer instead of using
HTTP redirects for delegation?

> The alternative is to write a spec that
> introduces complexity to solve problems that we conjecture might exist in
> yet-to-be-developed applications. The risk then is that the spec will not
> see adoption, or that implementors will deploy partial spec compliance in
> ad-hoc fashion, which is also a danger to interoperability.

Great.  Let's remove the complexity of following redirects.

Adam
Received on Monday, 23 February 2009 23:48:54 GMT
