Re: [UMP] Proxy-Authorization

On Tue, Jan 12, 2010 at 10:51 AM, Tyler Close <tyler.close@gmail.com> wrote:
> It's not feasible to remove all ambient authority. For example, the
> client has the authority to send requests from its IP address. So we
> draw a line between network connectivity and issued credentials. Proxy
> credentials provide network connectivity.
>
> Also, as a practical matter, disallowing Proxy-Authorization might
> inhibit use of UMP, since a resource author would be concerned about
> the loss of users who are required to use a proxy.

RIght, this is the essential point: whether we should remove a piece
of ambient authority is a risk management decision.  Instead of
dogmatically stomping out all forms of ambient authority, we ought to
weigh the costs of removing the authority (in this case compatibility
issues with existing proxy deployments) with the benefits (greater
resilience to a class of vulnerabilities).

The reason we have different beliefs about whether CORS or UMP is a
better protocol is because we perceve the risks and rewards
differently.  Ultimately, authors are in a better position to weigh
these factors than we are, which is why we should provide both APIs.

Adam

Received on Tuesday, 12 January 2010 20:30:25 UTC