Re: A Somewhat Critical View of SOP (Same Origin Policy)

On Sat, Aug 29, 2015 at 1:21 AM, Anders Rundgren wrote:

> A core part of the Web Security model is based on SOP.
> However, the world (outside of the Web) isn't working according to this
> model; it is rather ad-hoc.
> This has led to the "App-explosion" which is better aligned (for good or
> for worse) to the needs of the world than a SOP-crippled Web.

I think this argument is a total non-sequitur. On the desktop we saw a huge
shift away from native applications to web-based ones. It's only on the
mobile web that we see the reverse. If SOP is holding back the mobile web,
why did we see the opposite on the desktop?

I think the deficiencies of the mobile web have a lot more to do with
performance, both on a limited mobile connection and with more limited

What is your reasoning that the limitations of SOP are driving the shift
from mobile web to native apps, and why did we see the opposite on the

Tony Arcieri

Received on Sunday, 30 August 2015 23:09:15 UTC