RE: P3P - Feedback on Access Control

Ian Hickson wrote:
> On Thu, 24 Jan 2008, Close, Tyler J. wrote:
> >
> > I think Mark raises an important point here. Anne's response that the
> > authorization request can be cached does not mitigate this performance
> > problem, since the application may only issue a single request to a
> > series of distinct resources.
>
> This only applies when you're doing many non-GET requests. Can you
> describe a case in which you'd be doing that enough that the extra round
> trips would matter?

Are you suggesting that the recommendation document add to its list of assumptions one stating that web applications don't do lots of non-GET requests to distinct resources?

I dispute your implied argument that it should be up to me to disprove this assumption, rather than up to you to substantiate it, but I'll list some plausible use-cases anyways. This kind of web interaction is likely in any application that populates a URI namespace operated by a server, such as:

1. any web application that uses the Atom Publishing Protocol
2. a web application that puts a new GUI on another web application, such as skinning an auction site or email application
3. a content authoring web application that stores user-created content in a data store provided by another web application, such as one operated by Amazon.

These are broad categories. Should be easy to come up with lots of specific examples, and likely even more categories.


Received on Thursday, 24 January 2008 23:42:20 UTC