[UMP] Subsetting (was: [XHR2] AnonXMLHttpRequest()) from Mark S. Miller on 2010-02-04 (public-webapps@w3.org from January to March 2010)

From: Mark S. Miller <erights@google.com>
Date: Wed, 3 Feb 2010 17:31:32 -0800
To: Maciej Stachowiak <mjs@apple.com>
Cc: Tyler Close <tyler.close@gmail.com>, Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
Message-ID: <4d2fac901002031731r63f9f33bl3de3635f2f5b020@mail.gmail.com>

Hi Maciej and Tyler,

IMO, the important subsetting points, in priority order, are:

1) Server-side behavior compatible with UMP is automatically compatible with
CORS and with present CORS-like browser behaviors.
2) The client-side mechanisms one needs to implement UMP correctly are a
small subset of the mechanisms one needs to implement CORS. Having made the
investment in implementing CORS-like mechanisms, no significant further
internal mechanism is needed to implement UMP. (Indeed, I wouldn't be
surprised if one could derive an UMP implementation from a CORS
implementation mostly by commenting out code.)
3) Given other proposals already on the table -- CORS and unique-origin
iframes -- one could build the proposed xhr-like UniformRequest API as a
library on top. Though these requests would include an unneeded "Origin:
null" header, such a header is not a credential and so would not violate any
MUST in UMP. The messages would still be Uniform.

I think this thread has focussed exclusively on point #3 and lost sight of
points #1 and #2.


-- 
    Cheers,
    --MarkM

Received on Thursday, 4 February 2010 01:32:04 UTC