- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 15 Jul 2009 21:53:00 +0000 (UTC)
- To: Bil Corry <bil@corry.biz>
- Cc: Adam Barth <w3c@adambarth.com>, public-webapps@w3.org
On Wed, 15 Jul 2009, Bil Corry wrote: > Ian Hickson wrote on 7/14/2009 6:37 PM: > > On Tue, 14 Jul 2009, Bil Corry wrote: > >> Ian Hickson wrote on 7/14/2009 12:49 AM: > >>> (Trimmed cc list to avoid cross-posting.) > >>> > >>> On Thu, 25 Jun 2009, Bil Corry wrote: > >>>> Thanks for the clarification. Will there be some mechanism within HTML5 > >>>> to denote links that are privacy-sensitive versus those that are not? > >>>> I'm imagining that by default, links to external resources would be > >>>> considered private unless denoted as public (non-private?). > >>> I have no plans to add such a feature at this time, but I suppose if > >>> Sec-From becomes popular, we could add it at some future point, sure. > >> The Sec-From draft relies on the adopter to define what constitutes > >> "privacy-sensitive" -- will you be adding this definition to HTML5? > > > > HTML5 will say whatever Adam tells me it should say once the draft is > > stable. > > Given that identical requests may or may not be "privacy-sensitive" > based entirely on context[1], and given that only the site itself > understands the context, and given that HTML5 will not provide a way for > the author to denote the context, we're left with Adam's default > definition which may or may not be appropriate for any given request. > We should revisit this once Adam has defined "privacy-sensitive". I expect that what Adam will tell me to do is to make everything in HTML5 privacy-sensitive except GETs. I expect XHR GETs will not be. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 15 July 2009 21:53:38 UTC