Re: UMP / CORS: Implementor Interest

On Tue, Apr 20, 2010 at 10:07 PM, Anne van Kesteren <> wrote:
> On Wed, 21 Apr 2010 01:27:10 +0900, Tyler Close <>
> wrote:
>> Why can't it be made exactly like UMP? All of the requirements in UMP
>> have been discussed at length and in great detail on this list by some
>> highly qualified people. The current UMP spec reflects all of that
>> discussion. By your own admission, the CORS spec has not received the
>> same level of review for these features. Why hasn't CORS adopted the
>> UMP solution?
> Because I've yet to receive detailed feedback / proposals on CORS on what
> needs changing. In another thread Maciej asked you whether you would like to
> file the appropriate bugs and the he would do so if you did not get around
> to it. I have not seen much since.

The email you refer to listed several specific problems with CORS. As
you've noted, Maciej agreed these were problems. Now you're telling us
that as editor for the WG you have decided to ignore this detailed
feedback because it is not yet filed as official Issues against CORS.
Instead, you are choosing to ignore UMP and press ahead trying to gain
implementer support for the mechanism defined in CORS, even though you
know there are agreed problems with it.

A different approach, would be to recognize the value of all the work
and analysis the WG has put into UMP and so explore how CORS could
reference and leverage this work. I am happy to collaborate with you
on this task if you'd like to make the attempt.


"Waterken News: Capability security on the Web"

Received on Wednesday, 21 April 2010 17:40:05 UTC