- From: Jonathan Kew <jonathan@jfkew.plus.com>
- Date: Mon, 20 Jun 2011 20:57:48 +0100
- To: John Hudson <tiro@tiro.com>
- Cc: Glenn Adams <glenn@skynav.com>, "Levantovsky, Vladimir" <Vladimir.Levantovsky@monotypeimaging.com>, Florian Rivoal <florianr@opera.com>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, "Tab Atkins Jr." <jackalmage@gmail.com>, W3C Style <www-style@w3.org>, 3668 FONT <public-webfonts-wg@w3.org>, www-font@w3.org
On 20 Jun 2011, at 19:24, John Hudson wrote: > Glenn wrote: > >> I believe Samsung could agree to making an authorial opt-in mechanism a mandatory feature on UAs that access WOFF; however, I believe we will not be able to agree with a policy that requires use of a restrictive opt-out mechanism which by default would prevent access. > > Would this be satisfactory, in terms of a Webfonts Conformance Specification (exact wording to be drafted, this is just to capture the intent)? > > UAs MUST respect author header settings restricting > or relaxing same origin. > > UAs SHOULD, by default, treat webfont resources as > same origin restricted. > > I think many of us would want to make that second statement a SHOULD rather than a MAY, simply to encourage UA makers to give serious thought as to whether they have a good reason not to treat webfont resources in this way. I think many of us would want to make that second statement a MUST, both in the interests of better interoperability, and to maintain the environment that has led to the current flourishing of webfont availability, services, and use. Exactly where such a requirement is specified may be less important than that it _is_ specified as a normative requirement for user agents. This has always been understood as part of the "WOFF model" in which many font providers - large and small, commercial and otherwise - agreed to participate, seeing it as a workable compromise that balanced competing and sometimes contradictory requirements and desires. If the WOFF spec, the CSS3 Fonts spec (which I think is the most sensible place to specify the behavior of @font-face, with reference to another spec for CORS or From-Origin as appropriate), or some hypothetical Webfonts Conformance spec requires this - which is the behavior the Working Group has agreed on - and Samsung chooses to ignore this aspect of the specifications.... well, that would be regrettable. But such a lack of conformance on the part of a particular vendor would, IMO, be a lesser evil than to undermine the entire model that enabled the current blossoming of webfonts, and risk thereby losing the trust and goodwill of many in the font community. JK
Received on Monday, 20 June 2011 19:59:07 UTC