- From: Tyler Close <tyler.close@gmail.com>
- Date: Tue, 11 May 2010 10:48:57 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: "public-webapps@w3.org" <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>, Arthur Barstow <Art.Barstow@nokia.com>
Firefox, Chrome and Caja have now all declared an interest in implementing UMP. Opera and Safari have both declared an interest in implementing the functionality defined in UMP under the name CORS. I think it's clear that UMP has sufficient implementor interest to proceed along the standardization path. In the discussion on chromium-dev, Adam Barth wrote: """ Putting these together, it looks like we want a separate UMP specification for web developers and a combined CORS+UMP specification for user agent implementors. Consequently, I think it makes sense for the working group to publish UMP separately from CORS but have all the user agent conformance requirements in the combined CORS+UMP document. """ See: http://groups.google.com/a/chromium.org/group/chromium-dev/msg/4793e08f8ec98914?hl=en_US I think this is a satisfactory compromise and conclusion to the current debate. Anne, are you willing to adopt this strategy? If so, I think there needs to be a normative statement in the CORS spec that identifies the algorithms and corresponding inputs that implement UMP. Before sending UMP to Last Call, we need a CORS and UMP agreement on response header filtering. We need to reconcile the following two sections: http://dev.w3.org/2006/waf/access-control/#handling-a-response-to-a-cross-origin-re and http://dev.w3.org/2006/waf/UMP/#response-header-filtering Remaining subset issues around caching and credentials can be addressed with editorial changes to CORS. I'll provide more detail in a later email, assuming we've reached a compromise. --Tyler On Mon, Apr 19, 2010 at 12:43 AM, Anne van Kesteren <annevk@opera.com> wrote: > Hopefully it helps calling out attention to this in a separate thread. > > In http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0043.html > Maciej states Apple has no interest in implementing UMP from the UMP > specification. (I believe this means that a CORS defined subset that roughly > matches UMP is fine.) They want to retain their CORS support. > > For Opera I can say we are planning on supporting on CORS in due course and > have no plans on implementing UMP from the UMP specification. > > It would be nice if the three other major implementors (i.e. Google, > Mozilla, and Microsoft) also stated their interest for both specifications, > especially including whether removing their current level of CORS support is > considered an option. > > > -- > Anne van Kesteren > http://annevankesteren.nl/ > > -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
Received on Tuesday, 11 May 2010 17:49:31 UTC