- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Wed, 10 Feb 2010 08:33:56 -0500
- To: ext Thomas Roessler <tlr@w3.org>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Robin Berjon <robin@berjon.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Can you or someone else please take an action to provide a more detailed proposal of how OAuth might apply in this case? regards, Frederick Frederick Hirsch Nokia On Feb 10, 2010, at 7:51 AM, ext Thomas Roessler wrote: > On 10 Feb 2010, at 13:48, Robin Berjon wrote: > >> On Feb 10, 2010, at 13:25 , Thomas Roessler wrote: >>> It's also not clear that one couldn't fake a web server within >>> the browser (exposing the RESTFUL API to the JavaScript >>> environment) without ever implementing an HTTP server in the >>> process. >> >> Actually that can indeed be done by wrapping the XHR object (or >> more cleanly, by specialising it). My concern here is that you >> then sort of have to support all manners of HTTP semantics if you >> want to do it "right" (for rather pedantic values of right), but >> on the other hand you reach 80/20 very quickly. > > Well, you wouldn't need to represent HTTP semantics that are masked > away by XHR anyway, which probably takes away much of the 20% you > don't really want to do. > > The most interesting question is probably how to model > authorization for access to these resources if (a) they're actually > implemented through HTTP, and (b) there are several users at one IP > address or host name. > > I sense a use case for OAuth.
Received on Wednesday, 10 February 2010 13:34:51 UTC