Re: Simple LREST toying

On Fri, 12 Feb 2010 14:14:26 +0100, Frederick Hirsch  
<> wrote:
> So if the  photos (or contacts) are on the device, then access policy  
> should be handled by the device, which results in needing the policy on  
> the device, for the device APIs.
> So to repeat what I think you are saying
> 1. allow uniform REST access to API, thus making it transparent whether  
> it is local or remote (apart from URL being clear)
> 2. if the data is on the device itself, then policy and access control  
> and privacy concerns must be met by the device, (and this WG was  
> chartered to provide a standard for that I believe). If on a web server  
> the device need not care, since authentication and authorization are the  
> responsibility of the service on the site.
> Am I understanding this correctly so far?

Right, though I'm not sure exactly what you think needs to be  
standardized. The service on the device would need to do exactly the same  
as the service on the server. Either that or the user agent would need to  
implement a mapping between the device service API and the REST service  
against the "new URL".

> I believe there is remains a  usability argument re Javascript APIs vs  
> calling REST,  however your point that the paradigm is a bigger issue  
> probably holds.

JavaScript libraries will provide convenience I think and are much more  
likely to come up with something good than us.

Anne van Kesteren

Received on Friday, 12 February 2010 13:24:38 UTC