W3C home > Mailing lists > Public > public-device-apis@w3.org > February 2010

Re: Devices as Virtual Web Services

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Wed, 10 Feb 2010 08:33:56 -0500
Message-Id: <11FA5107-7C79-4741-95BB-C60108786F40@nokia.com>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Robin Berjon <robin@berjon.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
To: ext Thomas Roessler <tlr@w3.org>
Can you or someone else please take an action to provide a more  
detailed proposal of how OAuth might apply in this case?

regards, Frederick

Frederick Hirsch
Nokia



On Feb 10, 2010, at 7:51 AM, ext Thomas Roessler wrote:

> On 10 Feb 2010, at 13:48, Robin Berjon wrote:
>
>> On Feb 10, 2010, at 13:25 , Thomas Roessler wrote:
>>> It's also not clear that one couldn't fake a web server within  
>>> the browser (exposing the RESTFUL API to the JavaScript  
>>> environment) without ever implementing an HTTP server in the  
>>> process.
>>
>> Actually that can indeed be done by wrapping the XHR object (or  
>> more cleanly, by specialising it). My concern here is that you  
>> then sort of have to support all manners of HTTP semantics if you  
>> want to do it "right" (for rather pedantic values of right), but  
>> on the other hand you reach 80/20 very quickly.
>
> Well, you wouldn't need to represent HTTP semantics that are masked  
> away by XHR anyway, which probably takes away much of the 20% you  
> don't really want to do.
>
> The most interesting question is probably how to model  
> authorization for access to these resources if (a) they're actually  
> implemented through HTTP, and (b) there are several users at one IP  
> address or host name.
>
> I sense a use case for OAuth.
Received on Wednesday, 10 February 2010 13:34:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:32:17 UTC