[access-control] json from Ric Johnson on 2007-10-01 (public-appformats@w3.org from October 2007)

From: Ric Johnson <ricjohnsoniii@gmail.com>
Date: Mon, 1 Oct 2007 18:57:29 -0400
To: public-appformats@w3.org
Message-ID: <cecfffbf0710011557s6414f699r484bab75e6661080@mail.gmail.com>

I have a few questions for the new draft:
http://www.w3.org/TR/2007/WD-access-control-20071001/

Is this really required? I can achieve the same with
    a) Dynamic script tags (JSON requests) as long I am am comfortable with GET
    b) PROXY governance
    c) CNAMEs as a way to bypass the domain restrictions

Other issues:
   a) No only does the browser have to allow this, but XMLRequest does as well.
   b) What about <a href="http://json.Com">JSON</a> responses?  XML is
great, but let us not fall into the "Not invented here" trap

I am NOT saying that this is not a good idea.  It is just that if I
have access to the web server to add a header, then I probably will be
able to solve this problem today.

I actually need this for my JSON requests.  As it stands now, I can do
cross-domain without really looking at security.  Might there be a way
to emulate this using script now?

Received on Wednesday, 3 October 2007 13:40:46 UTC