- From: Brad Hill <hillbrad@gmail.com>
- Date: Mon, 01 Jun 2015 15:35:39 +0000
- To: Manu Sporny <msporny@digitalbazaar.com>, public-webappsec@w3.org
- Message-ID: <CAEeYn8gPFsZkhgR7xq+5_sPB0Q4UbPPuyzmv+L57Xo72c4sAcg@mail.gmail.com>
Yes, but who are the callers who will be best-served by managing these different models through a single abstract API shape? Abstraction comes at a cost.

It may make sense to have an abstract API like GSS or SASL if you expect the same essential sets of claims and information but don't care about the mechanism by which they are conveyed in a heterogeneous system. And if there is great economy in the API surface of the mechanisms themselves. You could write an abstract API that treated XML digital signatures, JWS and CMS as substantially identical, but it would almost certainly be either vulnerable to peculiarities possible with each or require they only act within the strict intersectionality of their design models.

At the layer of a JS API, you have an interactive application that can do feature detection to find and select the exact mechanism it wants. If applications must expect substantially different results and mechanisms, that some mechanisms may have very different characteristics in terms of the number of round-trips, remote+async operations, and that user interaction patterns will have to be tailored to the protocol and even specific instances of the protocol, why is it even desirable to try to have a single API?

-Brad

On Sun, May 31, 2015 at 8:09 PM Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 05/29/2015 04:37 PM, Brad Hill wrote:
> > What kind of cross-origin do you mean?
>
> This kind:
>
> https://www.youtube.com/watch?v=eWtOg3vSzxI
>
> > The cross-origin system you describe in the abstract sounds
> > architecturally similar to Mozilla's Persona.
>
> It's all the best parts of Persona and WebID with a number of changes to
> ensure that the mistakes made with Persona and WebID+TLS (and OpenID
> Connect) are not repeated again.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Web Payments: The Architect, the Sage, and the Moral Voice
> https://manu.sporny.org/2015/payments-collaboration/

Received on Monday, 1 June 2015 15:36:16 UTC