In the last call I promised to expand on the idea for self-referral as a more general purpose way to extend the confirm, or store, APIs to other origins. It took a bit longer than I thought, and it needs loads more work but here it is.

It is an HTML formatted text file using ReSpec script and I have attached it to this. I do not know how to upload it to the W3C site to make it is available via a link, so it is on our website here, http://baycloud.com/Operator-Identity

This may be useful for other APIs so I have written it as a stand-alone Member submission for a stand-alone spec. document . What I suggested was that, if we decided we had to lose the “cookie like” domain property from the property bag following Anne van Kesteren’s LC comment, we could refer to a new spec (similar to this one) which would allow cross-origin access for same parties and service providers.

I originally thought it could leverage the WebApps Security WG Content-Security-Policy but the fundamental purpose is different enough that maybe it should be in its own spec. I shamelessly borrowed from CSP2 anyway.

If anybody think it is worth pursuing I can carry on working on it.

Mike