- From: Jonathan Rees <jar@creativecommons.org>
- Date: Wed, 2 Mar 2011 09:41:08 -0500
- To: Chris Lilley <chris@w3.org>
- Cc: Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org" <www-tag@w3.org>
On Tue, Mar 1, 2011 at 10:53 PM, Chris Lilley <chris@w3.org> wrote: > On Tuesday, March 1, 2011, 8:06:23 PM, Jonathan wrote: > > JR> Interesting. Until now the browser has been a user-agent, acting on > JR> the user's behalf. This is true even when CORS is added. If I > JR> understand it correctly, this proposal enlists the browser as a > JR> server-agent as well, rather like DRM. > > No, it is explicitly not "like DRM". Sorry, I was just making a technical comparison, not implying a value judgment; and I didn't mean "exactly like", I meant "sort of like". > Its unfortunate that Anne chose to associate this with "license enforcement" (see quote below). WOFF has explicitly avoided any suggestion of "enforcement". > > Instead it provides information, such as details of the license. Yes, this makes perfect sense to me. For example, if I were an artist making collages using images found on the web, I might choose a license-aware user-agent over one that's not, since it would save me the trouble of checking whether use of each image was licensed in each case, and thus speed up my work. The behavior I'd want would be, say, if I pasted an image into a document, it would compare the characteristics of the document (intended future publication and licensing regime) to the license for each image, and put up a warning box for a mismatch, allowing me to dismiss the warning in cases that might be allowed but that the software is not smart enough to (or couldn't possibly) discriminate, such as fair use. This is very similar to the font scenario, as you describe it. Creative Commons has been developing its own approach to the same problem: http://wiki.creativecommons.org/CC_REL But this feature should not be called 'restriction' or 'enforcement', it would be called 'compliance assistance' or 'license checking' and would be framed clearly as a user benefit. I think it's important to put the right spin on it, either by retaining the user-agent as working on behalf of the user, or by giving up on that and articulating exactly who is being served by a piece of software being written in a particular way (again, no value judgment). > If someone is using a font outside its license, or for which they do not have a license but should, that is entirely the domain of the legal system between the font producer and the person using it. The user agent is not required to act on behalf of the legal system. > > However, many licenses for webfonts require that a font licensed for a particular website be restricted to use on that site, on a reasonable-effort rather than cast-iron-guarantee sense. From-Origin provides a way to announce that intent. > > It is neither prevention nor enforcement, however. wget foo.woff will still fetch it. Right. I suppose it's all relative. If user-agent A allowed me to fetch an image, and user-agent B prevented me, and there were no law or contract legally preventing the fetch, I as user would naively say user-agent B is preventing me from looking at the image. Why then would I choose user-agent B over user-agent A? Am I just a good person who altruistically wants to lower servers' ISP bills? Maybe, I don't know. Even if this were a good idea, I would expect it to fail because someone using browser A would in the long have a competitive advantage over someone using browser B. (I think this repeats what Noah said.) I'm not saying I *want* to be able to launch DOS attacks, and I certainly don't want to do so accidentally, but how does managing bandwidth become the user's responsibility (or even the browser vendor's) rather than ... well, someone else's? Please don't read this as hostile; I'm just exploring. (BTW I followed up to www-tag instead of webapps intentionally both to reach the people I wanted to engage with (other TAG members) and because I think the kinds of discussions we tend to have on www-tag are not necessarily ones that a WG needs to suffer through.) Jonathan >>> From: "Anne van Kesteren" <annevk@opera.com> >>> Date: Tue, 01 Mar 2011 08:35:33 +0100 >>> To: "WebApps WG" <public-webapps@w3.org> > >>> More generally, having a way to prevent cross-origin embedding of >>> resources can be useful. In addition to license enforcement it can help >>> with: > > > -- > Chris Lilley Technical Director, Interaction Domain > W3C Graphics Activity Lead, Fonts Activity Lead > Co-Chair, W3C Hypertext CG > Member, CSS, WebFonts, SVG Working Groups
Received on Wednesday, 2 March 2011 14:41:43 UTC