- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 10 Feb 2010 13:51:15 +0100
- To: Robin Berjon <robin@berjon.com>
- Cc: Thomas Roessler <tlr@w3.org>, Frederick Hirsch <Frederick.Hirsch@nokia.com>, public-device-apis@w3.org
On 10 Feb 2010, at 13:48, Robin Berjon wrote: > On Feb 10, 2010, at 13:25 , Thomas Roessler wrote: >> It's also not clear that one couldn't fake a web server within the browser (exposing the RESTFUL API to the JavaScript environment) without ever implementing an HTTP server in the process. > > Actually that can indeed be done by wrapping the XHR object (or more cleanly, by specialising it). My concern here is that you then sort of have to support all manners of HTTP semantics if you want to do it "right" (for rather pedantic values of right), but on the other hand you reach 80/20 very quickly. Well, you wouldn't need to represent HTTP semantics that are masked away by XHR anyway, which probably takes away much of the 20% you don't really want to do. The most interesting question is probably how to model authorization for access to these resources if (a) they're actually implemented through HTTP, and (b) there are several users at one IP address or host name. I sense a use case for OAuth.
Received on Wednesday, 10 February 2010 12:51:22 UTC