- From: Brad Hill <hillbrad@gmail.com>
- Date: Mon, 05 Jan 2015 17:55:24 +0000
- To: Tim Berners-Lee <timbl@w3.org>, Anne van Kesteren <annevk@annevk.nl>
- Cc: WebAppSec WG <public-webappsec@w3.org>
- Message-ID: <CAEeYn8jNmOL8J0KQ7A=-MDzutASwETmKR_-_cdGyhA6-JgChug@mail.gmail.com>
On Mon Jan 05 2015 at 3:26:59 AM Tim Berners-Lee <timbl@w3.org> wrote: > > > Data is special > > I am a web app developer, I need to be able to access any data. > I am happy to and indeed want to secure the scripts and HTML and CSS which > are part of my app. > I am happy to secure access to data which I control and serve. > I need to be able to access legacy insecure data like the think Linked > Open Data cloud (http://lod-cloud.net/). > > Are there particular obstacles to the providers of this data making it available over HTTPS or other reasons why we should assume that, over time, they will not do so? Are the providers of this data actually making an effort to make it usable in client-side web platform mashups? (e.g. setting CORS headers?) I went to http://lod-cloud.net/, picked the first resource listed on the home page and loaded the example resource ( http://data.linkededucation.org/resource/lak/conference/lak2013/paper/93) . It is indeed not accessible over HTTPS, but neither does it return CORS headers so would still require proxying or a native app for client-side mashups. It seems there is an educational outreach campaign needed to data providers on best practices and necessary steps to enable their data to be used in the web platform, so shouldn't that include making the data available over HTTPS alongside setting an "Access-Control-Allow-Origin: *" header? -Brad Hill
Received on Monday, 5 January 2015 17:55:52 UTC