- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 12 Jan 2010 12:29:27 -0800
- To: Tyler Close <tyler.close@gmail.com>
- Cc: public-webapps <public-webapps@w3.org>
On Tue, Jan 12, 2010 at 10:51 AM, Tyler Close <tyler.close@gmail.com> wrote: > It's not feasible to remove all ambient authority. For example, the > client has the authority to send requests from its IP address. So we > draw a line between network connectivity and issued credentials. Proxy > credentials provide network connectivity. > > Also, as a practical matter, disallowing Proxy-Authorization might > inhibit use of UMP, since a resource author would be concerned about > the loss of users who are required to use a proxy. RIght, this is the essential point: whether we should remove a piece of ambient authority is a risk management decision. Instead of dogmatically stomping out all forms of ambient authority, we ought to weigh the costs of removing the authority (in this case compatibility issues with existing proxy deployments) with the benefits (greater resilience to a class of vulnerabilities). The reason we have different beliefs about whether CORS or UMP is a better protocol is because we perceve the risks and rewards differently. Ultimately, authors are in a better position to weigh these factors than we are, which is why we should provide both APIs. Adam
Received on Tuesday, 12 January 2010 20:30:25 UTC