Still catching up. Answering out of order. On Wed, Jan 13, 2010 at 7:26 AM, Frederick Hirsch < Frederick.Hirsch@nokia.com> wrote: > use of OAuth. > > That was just an example of one approach to the inter-site authorization problem. Others are CORS and UMP. As I said in the initial proposal, I don't think this WG should try to pick a winner in this debate. They should just position device APIs so that they can leverage whatever the winner is, by recasting devices as RESTful GET/POST apis. By so doing, we reduce the security issues to a previously unsolved problem ;). > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On Jan 13, 2010, at 9:55 AM, ext Robin Berjon wrote: > > On Jan 13, 2010, at 15:50 , Frederick Hirsch wrote: >> >>> Is there a requirement to allow local access to contacts, for example, >>>>> even when disconnected from the network? How would this work in this model, >>>>> or is disconnected operation not a requirement? It seems a mobile device >>>>> should still operate as much as possible when disconnected. >>>>> >>>> >>>> That's entirely orthogonal. Either the web server is local, or (perhaps >>>> more likely) it is emulated by the user agent. You never go to the network, >>>> whether connected or not. >>>> >>> >>> I thought the proposal was to go to the network for authorization, in >>> which case it is not orthogonal. >>> >> >> I don't read that in the original proposal, can you clarify which part >> you're thinking of? >> >> -- >> Robin Berjon >> robineko — hired gun, higher standards >> http://robineko.com/ >> >> >> >> >> > -- Cheers, --MarkM
Received on Wednesday, 13 January 2010 18:23:31 UTC