- From: Tyler Close <tyler.close@gmail.com>
- Date: Tue, 20 Apr 2010 12:55:27 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, "public-webapps@w3.org" <public-webapps@w3.org>
On Tue, Apr 20, 2010 at 11:39 AM, Maciej Stachowiak <mjs@apple.com> wrote: > > On Apr 20, 2010, at 9:27 AM, Tyler Close wrote: > >> On Mon, Apr 19, 2010 at 6:47 PM, Anne van Kesteren <annevk@opera.com> >> wrote: >>> >>> On Tue, 20 Apr 2010 00:38:54 +0900, Jonas Sicking <jonas@sicking.cc> >>> wrote: >>>> >>>> As I've said before. I'd be interested in implementing UMP in firefox >>>> if we can come up with a reasonable API for using it. I.e. a separate >>>> constructor or flag or similar on XHR. This is assuming that UMP is a >>>> reasonable subset of CORS. >>> >>> Have you looked at the proposal I put in XHR2? It sets certain flags in >>> CORS >>> that make it more or less the same as UMP. >> >> Why can't it be made exactly like UMP? All of the requirements in UMP >> have been discussed at length and in great detail on this list by some >> highly qualified people. The current UMP spec reflects all of that >> discussion. By your own admission, the CORS spec has not received the >> same level of review for these features. Why hasn't CORS adopted the >> UMP solution? > > It should be made exactly like UMP, either by changing CORS, or changing > UMP, or some combination of the two. A list of differences between UMP and > CORS "anonymous mode" would be most helpful. Some of these issues are listed at the top of: http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0060.html Many of the differences arise from CORS being silent about relevant issues, such as caching or received cookies, so it's hard to know what the CORS stand on these issues is. This part of the CORS spec is just not well developed yet. Since there are still major outstanding issues against other parts of the CORS spec, I still think it's a better idea to move forward with separate documents, where the CORS spec references the UMP spec for its credential-free mode. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Tuesday, 20 April 2010 19:56:02 UTC