Re: [UMP] Request for Last Call from Arthur Barstow on 2010-04-08 (public-webapps@w3.org from April to June 2010)

From: Arthur Barstow <art.barstow@nokia.com>
Date: Thu, 8 Apr 2010 08:08:56 -0400
To: "ext Mark S. Miller" <erights@google.com>, Anne van Kesteren <annevk@opera.com>, Maciej Stachowiak <mjs@apple.com>, Tyler Close <tyler.close@gmail.com>
Cc: public-webapps <public-webapps@w3.org>
Message-Id: <0A6FC487-B7CF-4FE6-984E-2C6EEDCF68B3@nokia.com>

On Apr 7, 2010, at 4:19 PM, ext Mark S. Miller wrote:

> On Wed, Apr 7, 2010 at 2:54 AM, Anne van Kesteren  
> <annevk@opera.com> wrote:
>> On Tue, 06 Apr 2010 22:12:33 +0200, Tyler Close  
>> <tyler.close@gmail.com>
>> wrote:
>>>
>>> I've uploaded a new draft of the Uniform Messaging Policy to:
>>>
>>> http://dev.w3.org/2006/waf/UMP/
>>>
>>> This version adopts the same redirect handling specified by CORS.  
>>> With
>>> this change I believe there are no outstanding issues with UMP.
>>>
>>> The latest version also includes clarifications on the use of HTTP
>>> caching in uniform requests, as well as the prohibition of client
>>> authenticated connections for uniform requests. Both of these  
>>> changes
>>> reflect clarifications discussed on the list.
>>>
>>> I believe the current editor's draft of UMP reflects all feedback
>>> received on the FPWD and is ready to proceed to Last Call.
>>
>> Since this is just a [subset] of CORS I wonder why we need it.
>
> Because it is the subset of CORS on which we have consensus.
>
> Also, the feedback we've received on UMP show that UMP documents this
> subset more understandably than the CORS spec does.
>
>
>> Are there any
>> vendors considering dropping support for CORS in favor of just  
>> supporting
>> UMP?

I agree getting more info from the vendors would be good and thanks  
Maciej for your response [1] on that question.

Re the relationship between CORS and UMP, I believe the last thread  
on that subject was the following exchange between Mark and Maceij on  
February 3:

  http://lists.w3.org/Archives/Public/public-webapps/2010JanMar/ 
0462.html

(Neither Mark nor Tyler responded to Maciej's e-mail above.)

We also have the Comparison of CORS and UMP document:

  http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UM

If we are going to continue with two separate specs, I think it is  
important re expectations from Members and the Public, for there to  
be consensus on the relationship(s) between the two models e.g. why  
do we have two models, where do the models intersect, what use cases  
can only be met with one of the models, why they can't these two  
models be merged into a single model, etc.

-Art Barstow

[1] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 
0043.html

Received on Thursday, 8 April 2010 12:10:05 UTC