On Tue, Jun 22, 2010 at 8:56 PM, Adrian Bateman <adrianba@microsoft.com>wrote:
> On Tuesday, June 22, 2010 8:40 PM, David Levin wrote:
> > I agree with you Adrian that it makes sense to let the user agent figure
> > out the optimal way of implementing origin and other checks.
> >
> > A logical step from that premise is that the choice/format of the
> > namespace specific string should be left up to the UA as embedding
> > information in there may be the optimal way for some UA's of implementing
> > said checks, and it sounds like other UAs may not want to do that.
>
> Robin outlined why that would be a problem [1]. My original feeling was
> that this should be left up to UAs, as you say, but I've been convinced that
> doing so is a race to the most complex URL scheme.
>
> Robin discussed something that could possibly in
http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0743.html. At
the same time, there are implementors who gave specific reasons why encoding
certain information (scheme, host, port) in the namespace specific string
(NSS) is useful to various UAs. No other information has been requested, so
theories adding more information seem premature.
>
If the format must be specified, it seems reasonable to take both the
theoretical and practical issues into account.
>
Encoding that the security origin in the NSS isn't complex. If a proposal is
needed about how that can be done in a simple way, I'm willing to supply
one. Also, UAs that don't care about that information are free to ignore it
and don't need to parse it.
>
dave
>
>