- From: Denis Bohm <denis@fireflydesign.com>
- Date: Wed, 3 Nov 2004 19:13:54 -0800
- To: "Ian Hickson" <ian@hixie.ch>, "Peter Sorotokin" <psorotok@adobe.com>
- Cc: <www-svg@w3.org>
> On Wed, 3 Nov 2004, Peter Sorotokin wrote: > > > > Most secure UAs can block these connections (or require user to approve > > it for a specific host, verify signatures, etc.). We are not imposing > > our security model on UAs, we just outlining baseline expectations. > > The point is that once you've implemented this securely, it becomes less > useful than URLRequest, since it can only access HTTP ports, but doesn't > do HTTP. It seems bad to have a feature that is only useful if implemented > in insecure ways. > > If the use case is only for secured networks, then it shouldn't be in a > W3C spec (W3C specs being, by definition, designed for the Web). I don't understand what your point is. It seems to be that since some sites will only allow HTTP requests that SVG should not implement a more powerful network interface for anyone? The SVG socket interface is very useful as it allows two way asynchronous communication. This is an essential feature for some interactive SVG applications. These interfaces were added because people, like me, who used early SVG implementations found that they were needed - and the SVG working group listened.
Received on Thursday, 4 November 2004 03:14:53 UTC