- From: Bil Corry <bil@corry.biz>
- Date: Thu, 16 Jul 2009 10:47:42 -0500
- To: Ian Hickson <ian@hixie.ch>
- CC: Adam Barth <w3c@adambarth.com>, public-webapps@w3.org
Ian Hickson wrote on 7/15/2009 4:53 PM: > On Wed, 15 Jul 2009, Bil Corry wrote: >> Ian Hickson wrote on 7/14/2009 6:37 PM: >>> On Tue, 14 Jul 2009, Bil Corry wrote: >>>> Ian Hickson wrote on 7/14/2009 12:49 AM: >>>>> (Trimmed cc list to avoid cross-posting.) >>>>> >>>>> On Thu, 25 Jun 2009, Bil Corry wrote: >>>>>> Thanks for the clarification. Will there be some mechanism within HTML5 >>>>>> to denote links that are privacy-sensitive versus those that are not? >>>>>> I'm imagining that by default, links to external resources would be >>>>>> considered private unless denoted as public (non-private?). >>>>> I have no plans to add such a feature at this time, but I suppose if >>>>> Sec-From becomes popular, we could add it at some future point, sure. >>>> The Sec-From draft relies on the adopter to define what constitutes >>>> "privacy-sensitive" -- will you be adding this definition to HTML5? >>> HTML5 will say whatever Adam tells me it should say once the draft is >>> stable. >> Given that identical requests may or may not be "privacy-sensitive" >> based entirely on context[1], and given that only the site itself >> understands the context, and given that HTML5 will not provide a way for >> the author to denote the context, we're left with Adam's default >> definition which may or may not be appropriate for any given request. >> We should revisit this once Adam has defined "privacy-sensitive". > > I expect that what Adam will tell me to do is to make everything in HTML5 > privacy-sensitive except GETs. I expect XHR GETs will not be. > I think you mean everything will NOT be privacy-sensitive except non-XHR GETs. - Bil
Received on Thursday, 16 July 2009 15:48:44 UTC