- From: Glenn Adams <glenn@skynav.com>
- Date: Thu, 19 Apr 2012 09:11:21 -0600
- To: Marcos Caceres <marcosscaceres@gmail.com>
- Cc: Arthur Barstow <art.barstow@nokia.com>, Philippe Le Hégaret <plh@w3.org>, Ian Jacobs <ij@w3.org>, WebApps WG <public-webapps@w3.org>
- Message-ID: <CACQ=j+en1npT_minTo1UexyzqZfNCcEV25=dzGyPypOeEyRnEQ@mail.gmail.com>
On Thu, Apr 19, 2012 at 9:04 AM, Glenn Adams <glenn@skynav.com> wrote: > > On Thu, Apr 19, 2012 at 9:02 AM, Marcos Caceres <marcosscaceres@gmail.com>wrote: > >> On Thursday, 19 April 2012 at 15:58, Glenn Adams wrote: >> >> > >> > On Thu, Apr 19, 2012 at 7:06 AM, Marcos Caceres < >> marcosscaceres@gmail.com (mailto:marcosscaceres@gmail.com)> wrote: >> > > On Thursday, 19 April 2012 at 13:48, Arthur Barstow wrote: >> > > > Marcos - would you please enumerate the CR's uses of HTML5 and state >> > > > whether each usage is to a stable part of HTML5? >> > > >> > > 3. "When getting or setting the preferences attribute, if the origin >> of a widget instance is mutable (e.g., if the user agent allows >> document.domain to be dynamically changed), then the user agent must >> perform the preference-origin security check. The concept of origin is >> defined in [HTML]." >> > > Origin is concept that is well understood - as is the same origin >> policy used by browsers. >> > >> > >> > TWI [1] does not define "the origin of a widget instance". >> That's because they are not bound to any particular URI scheme. Just to >> some origin. >> > Nor does HTML5. It is also confusing to say that HTML5 defines the >> 'concept of origin', given that it normatively refers to The Web Origin >> Concept [2]. TWI needs to be more specific about what aspect of Origin is >> being referenced and where that specific aspect is defined. >> >> As there are no interoperability issues, I don't agree the TWI spec needs >> to be updated any further. It's just a simple spec and any further >> clarifications would just be academic. >> > >> > [1] http://www.w3.org/TR/2011/CR-widgets-apis-20111213/ >> > [2] http://tools.ietf.org/html/rfc6454 >> > > in that case, please record an objection on my part > just to be clear, I mean an objection to publishing as PR unless this is clarified; i believe this is an issue because the concept and use of origin is (1) very complex and (2) thus prone to misinterpretation; for example, it is not well recognized that HTML5 itself does not require a UA to send an Origin header in a URL request (see [3]) [3] https://www.w3.org/Bugs/Public/show_bug.cgi?id=16574
Received on Thursday, 19 April 2012 15:12:16 UTC