- From: Tyler Close <tyler.close@gmail.com>
- Date: Tue, 8 Dec 2009 10:12:53 -0800
- To: Ian Hickson <ian@hixie.ch>
- Cc: public-webapps@w3.org
Hi Ian, To answer your question, I need a better understanding of what "semi-public" means. At first blush, it sounds a little bit like "semi-pregnant". More inline below... On Tue, Dec 8, 2009 at 6:16 AM, Ian Hickson <ian@hixie.ch> wrote: > > I'm trying to understand this proposal and how it would interact with > Server-sent Events, XBL2, <canvas>/<img>, and <video>: We're not proposing changing the existing security model of the <img> tag, since that would break existing sites. A new <img>-like tag that supports UMP might be a good thing to have though. > > http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/att-0914/draft.html > > How would one label a static resource on an intranet server, e.g. > > http://videos.corp.example.com/tgif/2009-12-11.ogg > > ...such that it can be used by the pages on the following hosts: > > http://www.corp.example.com/ > http://moma.corp.example.com/ > http://tgif.corp.example.com/ > http://intranet.example.com/ > > ...but such that it could _not_ be used by pages on the following hosts: > > http://hostile-blog.example.com/ What exactly do you mean by "used"? Do you mean that the blog site author cannot obtain the bytes in the OGG file? For now, my best guess at your meaning is that you want some way to prohibit deep-linking to publicly accessible resources. Is that what you mean? If so, then I gather you're using a static OGG file as part of a "bandwidth stealing" argument. Am I following? If so, then I'm not sure how the intranet part plays into the scenario. I think we need to clarify the exact scenario and the access control rules being enforced before proceeding For example, who can read and write what, what do they want to do, and who must not be able to read or write what. Thanks, --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Tuesday, 8 December 2009 18:13:26 UTC