- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 27 May 2009 20:24:45 +0200
- To: Adam Barth <w3c@adambarth.com>
- Cc: Henri Sivonen <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>

I suspect that that's a discrepancy between what the spec says, and what it's meant to say.

However, there is indeed a choice to be made between having a single "origin" for all widgets signed with the same key (with corresponding mutual access rights), having a boundary between different widgets signed with the same key, and having a boundary between widget instances.

While I really like the "public-key-as-origin" idea, I wonder whether the most conservative path for the current round of widget specifications isn't to just stick to the random per-instance (!) origin, and relax later.

Cheers,
--
Thomas Roessler, W3C <tlr@w3.org>

On 27 May 2009, at 18:23, Adam Barth wrote:

> On Wed, May 27, 2009 at 9:05 AM, Henri Sivonen <hsivonen@iki.fi> wrote:
>> On May 27, 2009, at 18:32, Adam Barth wrote:
>>
>>> 3) A developer can write two widgets that occupy the same origin
>>> (again, but re-using the public key). These widgets will be able to
>>> interact more freely, for example by sharing the same localStorage,
>>> etc.
>>
>> I thought the point of the UUID was to isolate even different
>> instances of the same widget.
>
> The spec says the UUID is picked at install-time, so two instances of
> the widget will get the same UUID.
>
> Adam

Received on Wednesday, 27 May 2009 18:24:51 UTC