[access-control] JSON

I have a few questions for the new draft:
http://www.w3.org/TR/2007/WD-access-control-20071001/

Is this really required? I can achieve the same with
   a) Dynamic script tags (JSON requests) as long I am am comfortable with GET
   b) PROXY governance
   c) CNAMEs as a way to bypass the domain restrictions

Other issues:
  a) No only does the browser have to allow this, but XMLRequest does as well.
  b) What about <a href="http://json.Com">JSON</a> responses?  XML is
great, but let us not fall into the "Not invented here" trap

I am NOT saying that this is not a good idea.  It is just that if I
have access to the web server to add a header, then I probably will be
able to solve this problem today.

I actually need this for my JSON requests.  As it stands now, I can do
cross-domain without really looking at security.  Might there be a way
to emulate this using script now?

Received on Wednesday, 3 October 2007 13:40:49 UTC