W3C home > Mailing lists > Public > www-talk@w3.org > January to February 2009

Re: Origin vs Authority; use of HTTPS (draft-nottingham-site-meta-01)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 23 Feb 2009 13:14:00 +1100
Cc: Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
Message-Id: <259BC93E-3AF5-4834-B58A-75B636FB23F2@mnot.net>
To: Adam Barth <w3c@adambarth.com>
Hi Adam,

I'm collecting changes for the next rev of the draft, and found this  

On 12/02/2009, at 7:31 AM, Adam Barth wrote:

> Here's what I recommend:
> 1) Change the scope of the host-meta to default to the origin of the
> URL from which it was retrieved (as computed by the algorithm in
> draft-abarth-origin).

A common use case (we think) will be to have <http://www.us.example.com/host-meta 
 > HTTP redirect to <http://www.hq.example.com/host-meta>, or some  
other URI that's not on the same origin (as you defined it).

I think that the disconnect here is that your use case for 'origin'  
and this one -- while similar in many ways -- differ in this one, for  
good reasons.

We still intend, BTW, to re-introduce the protocol used to the mix, to  
disambiguate that point. It's just the redirect handling that's  

As such, I'm wondering whether or not it's useful to use the term  
'origin' in this draft -- potentially going as far as renaming it  
(again!) to /origin-meta, although Eran is a bit concerned about  
confusing early adopters (with good cause, I think).

What are your thoughts?


Mark Nottingham     http://www.mnot.net/
Received on Monday, 23 February 2009 02:14:43 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:31 UTC