- From: Ben Adida <ben@adida.net>
- Date: Fri, 02 May 2008 15:29:05 -0700
- To: Sunava Dutta <sunavad@windows.microsoft.com>
- CC: Arthur Barstow <art.barstow@nokia.com>, Eric Lawrence <ericlaw@exchange.microsoft.com>, Chris Wilson <Chris.Wilson@microsoft.com>, ext Anne van Kesteren <annevk@opera.com>, "Web API WG (public)" <public-webapi@w3.org>, "public-appformats@w3.org" <public-appformats@w3.org>, Zhenbin Xu <zhenbinx@windows.microsoft.com>, Gideon Cohn <gidco@windows.microsoft.com>, Sharath Udupa <Sharath.Udupa@microsoft.com>, Marc Silbey <marcsil@windows.microsoft.com>
Sunava Dutta wrote: > Art, I apologize for the delay but we're currently coming up with a > plan moving forward to regarding how we want to proceed with cross > domain. Sunava, I've been lurking on this list for a while, and wanted to ask a question that I don't think has been answered on the list. The IE8 White Paper on "Better Ajax Development" says: "Cross-domain requests are anonymous to protect user data, which means that servers cannot easily find out who is requesting data. As a result, you only want to request and respond with cross-domain data that is not sensitive or personally identifiable." Is that an accurate representation of MS's position, that XDR should never be used to request sensitive/private information, only generic public data? Thanks, -Ben Adida ben@adida.net
Received on Friday, 2 May 2008 22:29:41 UTC