Re: Same-origin policies (Re: The other party in all this) from Tab Atkins Jr. on 2009-07-06 (www-font@w3.org from July to September 2009)

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 6 Jul 2009 15:56:21 -0500
To: Bert Bos <bert@w3.org>
Cc: www-font@w3.org
Message-ID: <dd0fbad0907061356j2b4c7043r1903f8940a09ec04@mail.gmail.com>

On Mon, Jul 6, 2009 at 2:38 PM, Bert Bos<bert@w3.org> wrote:
> On Monday 06 July 2009, Dave Crossland wrote:
>
>> CORS has a precedent in Firefox, and no one objects to it.
>
> It's a side discussion, but just to correct that statement: I *do*
> object to a dependency on HTTP.
>
> The slashes[*] inside an HTTP URL help to abbreviate URLs, but imply
> nothing about who owns the resource. (Akamai would own half the world's
> most popular files, it it were otherwise; and the Internet Archive
> would own the rest.) Additionally, not all URLs are HTTP URLs: think of
> e-mail message identifiers, p2p protocols, ISBN numbers, data URLs,
> etc.
>
> If it is important to know that font A is licensed for use with document
> B, then that information should stay with the font, no matter where the
> font is copied to: another server, a local hard disk, a CD, a zip file,
> the Internet Archive, Akamai's network, Gnutella, etc. Formats like
> EOT[3], Thomas Lord's multipart files[2], or OpenType with
> modified/extra tables[4,5] make that possible. CORS[1] doesn't (and
> wasn't designed to do so).
>
>
> [*] Tim Berners-Lee has said[7] that the mistake he made in HTTP URLs is
> the double slash. Its existence limits the content provider and
> confuses the content consumer. E.g., the EOT URL[3] should have been
> http:/org/w3/www/Submission/EOT/. How much is handled by a DNS server
> and how much by an HTTP server is up to the content provider, no need
> for the client to know that.
>
>
> [1] http://www.w3.org/TR/cors/
> [2] http://noeot.com/mame.html
> [3] http://www.w3.org/Submission/EOT/
> [4] http://www.w3.org/Fonts/Misc/minutes-2008-10#Compromise
> [5]
> http://blog.fontembedding.com/post/2009/06/10/New-Web-Fonts-Proposal.aspx
> [7] http://www.bcs.org/server.php?show=ConWebDoc.3337

While I agree, are you trying to suggest that people think that
CORS/same-origin restrictions carry ownership information with them in
any way?

~TJ

Received on Monday, 6 July 2009 20:58:29 UTC