Re: Comment on minutes ## With Credentials flag etc

> On 1 Apr 2016, at 19:26, Tim Berners-Lee <timbl@w3.org> wrote:
> 
>> 
>> On 2016-01-21, at 01:24, Jonas Sicking <jonas@sicking.cc> wrote:
>> 
>> On Mon, Jan 18, 2016 at 3:27 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>> ... or at least the motivations behind the decisions explained. It's pretty impenetrable now, and even security folks don't profess to know all of the details behind CORS any more.
>> 
>> I'm bummed to hear that aspects of CORS are still confusing even to the
>> TAG. This stuff likely needs to get documented someplace. I had hoped
>> that it'd get documented in the spec, but maybe there's a better
>> place?
> 
> Perhaps the problems are that it is complicated, rather arbitrary, and not derived from general principles.

My guess is that to build this on general principles it would be useful to work with
some form of modal logic, e.g. doxastic logic [1]. Perhaps this has already been
done. We have a number of actors that are part of the protocol:

 a. the origin agent O
 b. the browser B
 c. the web server S
 d. the resource R

The browser needs to tell the web server that a request is not coming from it, but
that it is relaying the information from a JS actor named by the origin of the JS.

So something like B is relaying that O wants access X to resource R.

This could be formalised and then the reasons of the decisions might become clearer.
It took me quite a lot of thinking before it became clear what some of the reasons
for some of the decisions might be...

Henry

[1] https://en.wikipedia.org/wiki/Doxastic_logic
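As an added illustration of the relay Henry sketches (this is not code from the thread), a toy Python model of the actors O, B, S and R: B relays "O wants access X to R" via the Origin header, S answers from an assumed per-example allow-list, and B decides whether O's script may see the response. It also models the credentials flag from the subject line, which is where the wildcard is refused.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Access:
    """B relays: origin O wants access X (method) to resource R, with or without credentials."""
    origin: str
    method: str
    resource: str
    credentials: bool = False


def browser_request_headers(access: Access) -> dict:
    """B tells S that the request is relayed on behalf of O, not made by B on its own."""
    return {"Origin": access.origin}


def server_response_headers(access: Access, allowed_origins: set, public: bool = False) -> dict:
    """S's side. allowed_origins is a hypothetical per-resource allow-list (constructed
    for this example); public=True models a server that answers everyone with '*'."""
    origin = browser_request_headers(access)["Origin"]
    if public:
        return {"Access-Control-Allow-Origin": "*"}
    if origin in allowed_origins:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}  # the answer depends on Origin, so caches must key on it
    return {}  # S says nothing, so B will not expose the response to O


def browser_exposes(access: Access, resp: dict) -> bool:
    """B's check before handing the response to O's script."""
    acao = resp.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if access.credentials:
        # With credentials a wildcard is never accepted, and ACAC must be literally "true".
        if acao == "*" or resp.get("Access-Control-Allow-Credentials") != "true":
            return False
        return acao == access.origin
    return acao == "*" or acao == access.origin


def relay(access: Access, allowed_origins: set, public: bool = False) -> bool:
    """Run one O -> B -> S -> B exchange and report whether O gets to read R."""
    return browser_exposes(access, server_response_headers(access, allowed_origins, public))
```

The four cases worth stepping through are an allow-listed origin with credentials, an unlisted origin, and a `*` server with and without credentials; only the wildcard-plus-credentials case is refused by B even though S answered.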

Received on Friday, 1 April 2016 19:30:19 UTC