Re: css3-fonts: should not dictate usage policy with respect to origin

Samsung supports your suggestion below if it is expressed either as "should"
or made conditionally mandatory, where the condition is expressed as follows
or an equivalent:

"If the use of WOFF occurs in a context where same origin access constraints
are *already* present/supported, then that mechanism *must* be used to limit
access to WOFF fonts; otherwise, such a mechanism *should* be provided for
such use."

We do not want the use of WOFF by itself, or css3-fonts, by itself, to
trigger a mandatory requirement for same origin processing in contexts that
don't already support such constraints. For example, in HTML4 or XHTML1
category UAs that already support @font-face or that wish to support WOFF.

We note that the @font-face rule has been defined in css3-fonts since 31
July 2001, and that a variety of UAs have been fielded in the non-desktop
environment (e.g., mobile, television, etc), which employ @font-face for
accessing other non-WOFF fonts, and do so without same origin restrictions.
This would argue against introducing a non-backward compatible change in
css3-fonts to mandate same origin processing for prior fielded
implementations that do not otherwise support same origin. WOFF similarly
should not by itself trigger mandatory support for same origin in such UAs.

G.

On Thu, Jun 23, 2011 at 11:30 AM, Liam R E Quin <liam@w3.org> wrote:

> The WOFF spec could say in its conformance section (right in the spec,
> not in a separate document) that for use in style sheets (not only CSS)
> an implementation-defined mechanism should (must?) be available to limit
> access to the WOFF resource outside of support for the style sheets, and
> maybe give same-origin as an example.
>

Received on Thursday, 23 June 2011 19:59:43 UTC