- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Thu, 8 Apr 2010 08:08:56 -0400
- To: "ext Mark S. Miller" <erights@google.com>, Anne van Kesteren <annevk@opera.com>, Maciej Stachowiak <mjs@apple.com>, Tyler Close <tyler.close@gmail.com>
- Cc: public-webapps <public-webapps@w3.org>
On Apr 7, 2010, at 4:19 PM, ext Mark S. Miller wrote: > On Wed, Apr 7, 2010 at 2:54 AM, Anne van Kesteren > <annevk@opera.com> wrote: >> On Tue, 06 Apr 2010 22:12:33 +0200, Tyler Close >> <tyler.close@gmail.com> >> wrote: >>> >>> I've uploaded a new draft of the Uniform Messaging Policy to: >>> >>> http://dev.w3.org/2006/waf/UMP/ >>> >>> This version adopts the same redirect handling specified by CORS. >>> With >>> this change I believe there are no outstanding issues with UMP. >>> >>> The latest version also includes clarifications on the use of HTTP >>> caching in uniform requests, as well as the prohibition of client >>> authenticated connections for uniform requests. Both of these >>> changes >>> reflect clarifications discussed on the list. >>> >>> I believe the current editor's draft of UMP reflects all feedback >>> received on the FPWD and is ready to proceed to Last Call. >> >> Since this is just a [subset] of CORS I wonder why we need it. > > Because it is the subset of CORS on which we have consensus. > > Also, the feedback we've received on UMP show that UMP documents this > subset more understandably than the CORS spec does. > > >> Are there any >> vendors considering dropping support for CORS in favor of just >> supporting >> UMP? I agree getting more info from the vendors would be good and thanks Maciej for your response [1] on that question. Re the relationship between CORS and UMP, I believe the last thread on that subject was the following exchange between Mark and Maceij on February 3: http://lists.w3.org/Archives/Public/public-webapps/2010JanMar/ 0462.html (Neither Mark nor Tyler responded to Maciej's e-mail above.) We also have the Comparison of CORS and UMP document: http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UM If we are going to continue with two separate specs, I think it is important re expectations from Members and the Public, for there to be consensus on the relationship(s) between the two models e.g. why do we have two models, where do the models intersect, what use cases can only be met with one of the models, why they can't these two models be merged into a single model, etc. -Art Barstow [1] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/ 0043.html
Received on Thursday, 8 April 2010 12:10:05 UTC