Re: Seeking XDR versus AC4CSR+XHR2 follow-ups by Microsoft [Was: Re: IE Team's Proposal for Cross Site Requests]

Sunava Dutta wrote:
> Art, I apologize for the delay but we're currently coming up with a
> plan moving forward to regarding how we want to proceed with cross
> domain.

Sunava,

I've been lurking on this list for a while, and wanted to ask a question 
that I don't think has been answered on the list.

The IE8 White Paper on "Better Ajax Development" says:

"Cross-domain requests are anonymous to protect user data, which means 
that servers cannot easily find out who is requesting data. As a result, 
you only want to request and respond with cross-domain data that is not 
sensitive or personally identifiable."

Is that an accurate representation of MS's position, that XDR should 
never be used to request sensitive/private information, only generic 
public data?

Thanks,

-Ben Adida
ben@adida.net

Received on Friday, 2 May 2008 22:29:42 UTC