- From: <henry.story@bblfish.net>
- Date: Thu, 19 Feb 2015 22:29:43 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>, public-webapps public-webapps <public-webapps@w3.org>
> On 19 Feb 2015, at 22:04, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 18 February 2015 at 06:31, Brad Hill <hillbrad@gmail.com> wrote: >> Some of the things that argue against /.well-known are: >> >> 1) Added latency of fetching the resource. > > It's not available everywhere yet, but you could push it, based on the below. > >> 2) Clients hammering servers for non-existent /.well-known resources (the >> favicon issue) > > You could avoid that by Link:-ing to the /.well-known and only hitting > it if the link appears. I assume you mean the Link: header. In that case I like the idea. Well the client could even cache the document and only hit it once for the whole server. Furthermore there would then be no need for the url to be in a .well-known location. It could be any resource whatsoever. That is the way that the "Web Access Control" system functions. See link from this page http://www.w3.org/2005/Incubator/webid/spec/ Every resource has a link to those resources that require access. Aslo see the curl examples https://github.com/read-write-web/rww-play/wiki/Curl-Interactions Henry Social Web Architect http://bblfish.net/
Received on Thursday, 19 February 2015 21:30:14 UTC