Operator Identity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the last call I promised to expand on the idea for self-referral as a more general purpose way to extend the confirm, or store, APIs to other origins. It took a bit longer than I thought, and it needs loads more work but here it is.

It is an HTML formatted text file using ReSpec script and I have attached it to this. I do not know how to upload it to the W3C site to make it is available via a link, so it is on our website here, http://baycloud.com/Operator-Identity

This may be useful for other APIs so I have written it as a stand-alone Member submission for a stand-alone spec. document . What I suggested was that, if we decided we had to lose the “cookie like” domain property from the property bag following Anne van Kesteren’s LC comment, we could refer to a new spec (similar to this one) which would allow cross-origin access for same parties and service providers.

I originally thought it could leverage the WebApps Security WG Content-Security-Policy but the fundamental purpose is different enough that maybe it should be in its own spec. I shamelessly borrowed from CSP2 anyway.

If anybody think it is worth pursuing I can carry on working on it.

Mike


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJUfh+FAAoJEHMxUy4uXm2JsnAH/2xXvBd1QjDkUBo/BM2I1Hre
QcsOu7JlD66D1Ydt72lLJ9V5NlGd4Lb/awxcYuA7LHR2m0iM/GFiJKhrNHrKonY/
Meod/y2D9AFBF3CEXxb60un9Q3fV8JnHaQEVKkWkgX0YQYN0y0i24wwQn+STDLps
NULFB7mgzBt0SMCXnCuwWYP/AiHiyPjcjqvQHp6V+7cCyY7hCDN2zu1gor2CyqIC
sHZ55ksH5a4u7GnVMOhvVShMMutchM23N6GYM6+HjzgII8xQLQunCpFl6m4TS+Pm
KQ6sq6P7ZTxGK6xExxnx6Ug/iXv8Ol0nA/ZMdI4EXa/5qxVLF/oDa8h9OWo7aSs=
=15yN
-----END PGP SIGNATURE-----