On Fri, Nov 13, 2009 at 6:45 PM, Devdatta <[email protected]> wrote: >>> >>> Some parts of the protocol are not clear to me. Can you please clarify >>> the following : >>> 1> In msg 1, what script context is the browser running in ? Site A or >>> Site B ? (in other words who initiates the whole protocol ?) >> >> Server A, or a bookmark. > > Wasn't Maciej's original scenario that of a user going to Site B (an > event's site) and adding stuff to his calendar at A ? In such a > scenario, the complete protocol should ideally start with B.
There are two parts to Maciej's scenario: the access grant (get permission to use the calendar) and the use of access (add an event to the calendar). Maciej starts the first at Server A (the calendar site) and the second at Server B (the upcoming events site). Our proposed solution does the same as Maciej's proposal. See: http://sites.google.com/site/guestxhr/maciej-challenge If you want to try working on a different scenario that starts both steps at Server B, that's fine. With the same techniques applied in Maciej's scenario, you should be able to construct a solution to the new scenario. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
