RE: P3P - Feedback on Access Control

Mark Nottingham wrote:
> * per-resource OPTIONS requests are too chatty, don't scale to large
> numbers of resources, eventually causing developers to come up with
> workarounds such as boxcarring messages

I think Mark raises an important point here. Anne's response that the authorization request can be cached does not mitigate this performance problem, since the application may only issue a single request to a series of distinct resources. Consequently, this performance issue discourages application of the webarch principle which encourages use of distinct URIs for distinct resources. The WG's current proposal adds a network round-trip for each distinct URI in a web application.

For tracker, I think this point should be discussed when considering ISSUE-20:


Received on Thursday, 24 January 2008 17:38:30 UTC