- From: Maciej Stachowiak <mjs@apple.com>
- Date: Mon, 12 Apr 2010 13:00:25 -0700
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Arthur Barstow <art.barstow@nokia.com>, Anne van Kesteren <annevk@opera.com>, public-webapps <public-webapps@w3.org>
On Apr 12, 2010, at 10:33 AM, Tyler Close wrote: > On Mon, Apr 12, 2010 at 6:49 AM, Arthur Barstow > <art.barstow@nokia.com> wrote: >> Maciej, Tyler - thanks for continuing this discussion. I think it >> would be >> helpful to have consensus on what we mean by subsetting in this >> context. >> (Perhaps the agreed definition could be added to the CORS and UMP >> Comparison >> [1].) > > I've added a new section to the wiki page, "UMP as subset of CORS": > > http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UMP#UMP_as_subset_of_CORS > I do not think the set of subset criteria posted there matches what I proposed and what we've been discussing in this thread. Should I put some abbreviated form of my proposal in the wiki? I am not sure what the conventions are for editing this wiki page. I think the points you make on the wiki about cross-endangerment are good, but they are not really subset criteria, that's a property we want for any two Web platform features, and it could be achieved with a strategy of making things completely different instead of the subset strategy. They do represent relations that we should maintain however. I think even taken together, your set of subset conditions does guarantee that a CORS client implementation is automatically also a UMP client implementation. If we went that way, then we would have to consider whether there will ever be client implementors of UMP itself, or it will be impossible to fulfill CR exit criteria. Regards, Maciej
Received on Monday, 12 April 2010 20:00:59 UTC