Re: [UMP] Subsetting (was: [XHR2] AnonXMLHttpRequest())

On Apr 12, 2010, at 10:33 AM, Tyler Close wrote:

> On Mon, Apr 12, 2010 at 6:49 AM, Arthur Barstow  
> <art.barstow@nokia.com> wrote:
>> Maciej, Tyler - thanks for continuing this discussion. I think it  
>> would be
>> helpful to have consensus on what we mean by subsetting in this  
>> context.
>> (Perhaps the agreed definition could be added to the CORS and UMP  
>> Comparison
>> [1].)
>
> I've added a new section to the wiki page, "UMP as subset of CORS":
>
> http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UMP#UMP_as_subset_of_CORS
>

I do not think the set of subset criteria posted there matches what I  
proposed and what we've been discussing in this thread. Should I put  
some abbreviated form of my proposal in the wiki? I am not sure what  
the conventions are for editing this wiki page.

I think the points you make on the wiki about cross-endangerment are  
good, but they are not really subset criteria, that's a property we  
want for any two Web platform features, and it could be achieved with  
a strategy of making things completely different instead of the subset  
strategy. They do represent relations that we should maintain however.

I think even taken together, your set of subset conditions does  
guarantee that a CORS client implementation is automatically also a  
UMP client implementation. If we went that way, then we would have to  
consider whether there will ever be client implementors of UMP itself,  
or it will be impossible to fulfill CR exit criteria.

Regards,
Maciej

Received on Monday, 12 April 2010 20:00:59 UTC