Re: UMP / CORS: Implementor Interest

On Wed, Apr 21, 2010 at 1:29 PM, Ojan Vafai <ojan@chromium.org> wrote:
> I've been watching the CORS/UMP debate from the sidelines. Here's how it
> looks to me:
> 1) UMP folk want to keep UMP a separate spec so that it can (theoretically)
> be easier to implement and ship sooner.

We want to keep it a separate specification for two main reasons:
a) The simpler, shorter UMP spec is easier for web developers to
understand than a combined spec would be.
b) We believe there are significant technical issues with CORS that
should prevent it from being standardized in its current form.

I suspect implementation of UMP features is independent of whether or
not there are two documents or one, or whether its called CORS or
UMP/CORS. I suspect implementers will move ahead if they think it's a
good idea with a stable specification. For example, I don't think the
number of documents used to specify the formerly more monolithic HTML5
has affected implementation plans.

> 2) Browser vendors intend to implement CORS. They don't want to have two
> similar but slightly different stacks for making requests, either in
> implementation or in what's exposed to developers. So, having UMP as a
> separate spec doesn't make sense if it's intended to be a subset (or even
> mostly a subset) of CORS. Mozilla might be willing to implement UMP with
> some API modifications and Microsoft hasn't voiced an opinion.
> Is that an accurate summary?
> Are there other advantages to keeping UMP a separate spec other than
> concerns of ship dates? Given the lack of vendor support, it doesn't seem
> like ship date is really a good argument since the ship date is dependent
> on vendors actually implementing this.

AFAICT, there is good implementer support for the technical features
defined in UMP. Both Maciej and Anne indicated the features might be
implemented, but under the name CORS rather than UMP. AFAICT, that
constraint can be met by having CORS reference and extend UMP.

--Tyler

-- 
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html

Received on Wednesday, 21 April 2010 20:50:01 UTC