W3C home > Mailing lists > Public > public-tracking@w3.org > December 2014

Operator Identity

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Tue, 2 Dec 2014 20:22:30 -0000
To: "Nicholas Doty" <npdoty@w3.org>, <public-tracking@w3.org>, "David Singer" <singer@apple.com>, "'Roy T. Fielding'" <fielding@gbiv.com>
Cc: "'Anne van Kesteren'" <annevk@annevk.nl>
Message-ID: <02e601d00e6d$b44836c0$1cd8a440$@baycloud.com>
Hash: SHA1

In the last call I promised to expand on the idea for self-referral as a more general purpose way to extend the confirm, or store, APIs to other origins. It took a bit longer than I thought, and it needs loads more work but here it is.

It is an HTML formatted text file using ReSpec script and I have attached it to this. I do not know how to upload it to the W3C site to make it is available via a link, so it is on our website here, http://baycloud.com/Operator-Identity

This may be useful for other APIs so I have written it as a stand-alone Member submission for a stand-alone spec. document . What I suggested was that, if we decided we had to lose the “cookie like” domain property from the property bag following Anne van Kesteren’s LC comment, we could refer to a new spec (similar to this one) which would allow cross-origin access for same parties and service providers.

I originally thought it could leverage the WebApps Security WG Content-Security-Policy but the fundamental purpose is different enough that maybe it should be in its own spec. I shamelessly borrowed from CSP2 anyway.

If anybody think it is worth pursuing I can carry on working on it.


Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/
Charset: utf-8


Received on Tuesday, 2 December 2014 20:23:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:40:15 UTC