- From: Tyler Close <tyler.close@gmail.com>
- Date: Thu, 8 Apr 2010 06:12:31 -0700
- To: Marcos Caceres <marcosc@opera.com>
- Cc: Maciej Stachowiak <mjs@apple.com>, "Mark S. Miller" <erights@google.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Thu, Apr 8, 2010 at 5:44 AM, Marcos Caceres <marcosc@opera.com> wrote: > To me personally, it only really makes sense for UMP to be merged into CORS. > Having both specs is confusing. Given that we've created a superset-subset relationship between CORS and UMP, we don't have divergent specs for the same functionality; instead we simply have a modular spec. Splitting the spec this way is useful because the UMP subset is significantly smaller and the CORS superset involves additional, complicated security risks. > To have UMP as an optional add-on does not > feel right because of the DBAD issue. Indeed, DBAD is only relevant to CORS, so adding this complexity to UMP by putting it in the same document with the rest of CORS is confusing. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Thursday, 8 April 2010 13:13:04 UTC