- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 12 Jan 2010 13:24:16 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: Tyler Close <tyler.close@gmail.com>, public-webapps <public-webapps@w3.org>
On Jan 12, 2010, at 12:29 PM, Adam Barth wrote: > On Tue, Jan 12, 2010 at 10:51 AM, Tyler Close > <tyler.close@gmail.com> wrote: >> It's not feasible to remove all ambient authority. For example, the >> client has the authority to send requests from its IP address. So we >> draw a line between network connectivity and issued credentials. >> Proxy >> credentials provide network connectivity. >> >> Also, as a practical matter, disallowing Proxy-Authorization might >> inhibit use of UMP, since a resource author would be concerned about >> the loss of users who are required to use a proxy. > > RIght, this is the essential point: whether we should remove a piece > of ambient authority is a risk management decision. Instead of > dogmatically stomping out all forms of ambient authority, we ought to > weigh the costs of removing the authority (in this case compatibility > issues with existing proxy deployments) with the benefits (greater > resilience to a class of vulnerabilities). > > The reason we have different beliefs about whether CORS or UMP is a > better protocol is because we perceve the risks and rewards > differently. Ultimately, authors are in a better position to weigh > these factors than we are, which is why we should provide both APIs. +1 - Maciej
Received on Tuesday, 12 January 2010 21:24:56 UTC