- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 7 Feb 2008 01:33:43 +0000 (UTC)
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: "L. David Baron" <dbaron@dbaron.org>, "public-appformats@w3.org" <public-appformats@w3.org>
On Thu, 7 Feb 2008, Close, Tyler J. wrote: > L. David Baron wrote: > > > > [...] This is already possible with things like the basic (map > > display) part of the Google Maps API only because there aren't > > cross-site restrictions on image loading [...] > > > > In what cases is accountability for actions needed for such > > fully-public resources? > > It may not be, in which case the user authentication cookies are also > not needed. So public resources could be safely accessed by a design > that did not send user cookies with the cross-domain request. Sending > the cookies creates the issue of how to handle accountability. We'd still like cookies sent even for cross-site image requests for the Google Maps API, e.g. so that we can send user-personalised map tiles. For example, one could imagine that map tiles would be localised based on the user's preferences instead of based on geographic location or the embedder's language, in which case we'd need the cookie. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 7 February 2008 01:33:57 UTC