- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 23 Feb 2009 15:48:17 -0800
- To: Breno de Medeiros <breno@google.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Ben Laurie <benl@google.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "www-talk@w3.org" <www-talk@w3.org>
On Mon, Feb 23, 2009 at 3:05 PM, Breno de Medeiros <breno@google.com> wrote: > crossdomain.xml was introduce to support a few specific applications > (notably flash), and it did not take into account the security requirements > of the application context. Tough. I'm suggesting we learn from their mistakes instead of making the same mistakes ourselves. > Because at this point there is no consensus what a general delegation > mechanism would look like. Quite possibly, this might be > application-specific. Why not handle delegation at the application layer instead of using HTTP redirects for delegation? > The alternative is to write a spec that > introduces complexity to solve problems that we conjecture might exist in > yet-to-be-developed applications. The risk then is that the spec will not > see adoption, or that implementors will deploy partial spec compliance in > ad-hoc fashion, which is also a danger to interoperability. Great. Let's remove the complexity of following redirects. Adam
Received on Monday, 23 February 2009 23:48:54 UTC