- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 13 Jan 2015 18:22:46 +0000
- To: public-ldp@w3.org
- Message-ID: <CAEeYn8gCRmX6M6kfsEB+QT8StPtRAn8pChCneOJk-EjrEgf8FA@mail.gmail.com>
Over in the WebAppSec WG, TBL has sparked a discussion on our Mixed Content draft ( https://w3c.github.io/webappsec/specs/mixedcontent/ ) with concerns that strict prohibition of inclusion of http data into https web applications will lock out a good deal of open data on the web. He gave as an example: http://lod-cloud.net/ I made a spot sample of the first data set listed on this site, and while indeed it was only available over http, it also did not appear to set CORS headers, and so would not be available for consumption by a web platform mashup app, anyway. I'd like to get a good sense for the size of the issue here: what data that is *actually* available to web mashups today would be blocked by stricter mixed content rules. (If a site really has no maintainers, I understand the issue, but if it would need maintenance to add Access-Control-Allow-Origin: * headers, that same maintainer can almost as easily turn on https.) Do any domain experts in LDP have ballpark numbers or even a fuzzy feeling for the magnitude of open data which: 1) Currently has CORS headers and is usable (and used) today in web platform mashups and: 2) Is not available over https thanks, Brad Hill Co-chair, WebAppSec WG
Received on Tuesday, 13 January 2015 18:23:14 UTC