Doug Schepers wrote:
> I'm not at all a security expert, or even particularly well-informed on
> the topic, but it does occur to me that most of CORS' opponents seem
> very much in the capability-based security camp [1], and may distrust or
> dislike something more "authentication-based" like CORS.
Doug Schepers wrote:
> Jonathan Rees wrote (on 10/23/09 5:04 PM):
>>
>> The brief summary of the debate is that Mark M is citing Tyler's
>> argument, and Mark's and Tyler's long experience with this kind of
>> thing, in predicting that any system with the currently described CORS
>> architecture wi
On Oct 23, 2009, at 7:16 PM, Jonas Sicking wrote:
- EventSource is not a very big implementation burden - the WebKit
patch to
add it was a couple dozen lines, which were mostly the event stream
parsing
code. So it's not too terrible if we have it, and XHR in the future
can do
similar th
Hi, Adam-
Thanks for the reply.
Adam Barth wrote (on 10/24/09 1:00 AM):
On Fri, Oct 23, 2009 at 5:29 PM, Doug Schepers wrote:
That's an interesting point... if the proponents or opponents of CORS did
more testing and modeling, would that satisfy concerns? Surely it couldn't
be hard to set
On Fri, Oct 23, 2009 at 5:29 PM, Doug Schepers wrote:
> That's an interesting point... if the proponents or opponents of CORS did
> more testing and modeling, would that satisfy concerns? Surely it couldn't
> be hard to set up a few common model architectures using CORS and announce
> them as tar
On Fri, 23 Oct 2009, Michael Nordman wrote:
>
> An area that may be worth exploring, that would add to the list things
> that go beyond syntactic sugar, could be for multiple documents to
> listen in on the same event-stream backed by the same connection to the
> server. This could reduce the t
mzu...@us.ibm.com wrote:
> We are changing 7.4.3 to:
>> > User agents often include features that enable Web content to update
>> > the user's bookmark file, e.g. through a JavaScript API. If
>> > permitted unchecked, these features can serve to confuse users by,
>> > e.g., placing a bookmark
On Fri, Oct 23, 2009 at 6:24 PM, Maciej Stachowiak wrote:
>
> On Oct 23, 2009, at 5:50 PM, Jonas Sicking wrote:
>
>> On Fri, Oct 23, 2009 at 3:21 PM, Maciej Stachowiak wrote:
>>>
>>> On Oct 23, 2009, at 1:44 PM, Jonas Sicking wrote:
>>>
I also continue to miss actual developer demand fo
On Oct 23, 2009, at 5:50 PM, Jonas Sicking wrote:
On Fri, Oct 23, 2009 at 3:21 PM, Maciej Stachowiak
wrote:
On Oct 23, 2009, at 1:44 PM, Jonas Sicking wrote:
I also continue to miss actual developer demand for server sent
events. Seems like it doesn't add a lot of sugar over simply using
On Oct 23, 2009, at 4:42 PM, Michael Nordman wrote:
I buy all of those advantages. This feature is a nice formalization
of the commonly used "hanging GET" found in many ajax applications.
Indeed, that's basically the point. It provides a reliable and
convenient interface to the "hanging
On Fri, Oct 23, 2009 at 3:21 PM, Maciej Stachowiak wrote:
> On Oct 23, 2009, at 1:44 PM, Jonas Sicking wrote:
>
>>
>> I also continue to miss actual developer demand for server sent
>> events. Seems like it doesn't add a lot of sugar over simply using
>> XMLHttpRequest and progress events. But aga
Hi, Jonathan-
Jonathan Rees wrote (on 10/23/09 5:04 PM):
Thanks for putting the situation in these terms; I like the form of
this analysis, even if am not sure I agree with the conclusion.
Thanks, I hope it helped.
The brief summary of the debate is that Mark M is citing Tyler's
argument,
On Fri, Oct 23, 2009 at 3:21 PM, Maciej Stachowiak wrote:
>
> On Oct 23, 2009, at 1:44 PM, Jonas Sicking wrote:
>
>
>> I also continue to miss actual developer demand for server sent
>> events. Seems like it doesn't add a lot of sugar over simply using
>> XMLHttpRequest and progress events. But a
On Oct 23, 2009, at 1:44 PM, Jonas Sicking wrote:
I also continue to miss actual developer demand for server sent
events. Seems like it doesn't add a lot of sugar over simply using
XMLHttpRequest and progress events. But again, I'm fine with
publishing a new WD.
Besides syntactic sugar, here
On Oct 23, 2009, at 10:30 AM, ext Nikunj R. Mehta wrote:
Fine for all except WebDatabase.
I notice that its present ED is virtually the same as its FPWD (modulo
a new section on data sensitivity). There is no movement on any of the
thorny issues - locking granularity, relational model and SQL
Comments below
On Thu, Oct 22, 2009 at 6:12 PM, Doug Schepers wrote:
> Let's take it a step further, and propose a worst-case scenario. Say that
> some undetected hypothetical vulnerability in CORS is discovered some years
> from now, with a degree of severity akin to CSRF.
>
> At that time, we
On Fri, Oct 23, 2009 at 1:01 PM, Maciej Stachowiak wrote:
>
> On Oct 23, 2009, at 5:19 AM, Arthur Barstow wrote:
>
>> This is a Call for Consensus (CfC) to publish new Working Drafts of the
>> following specs:
>>
>> 1. Server-Sent Events
>> http://dev.w3.org/html5/eventsource/
>>
>> 2. Web Databas
I also support publishing a new WD on all of these.
2009/10/23 Maciej Stachowiak
>
> On Oct 23, 2009, at 7:30 AM, Nikunj R. Mehta wrote:
>
> Fine for all except WebDatabase.
>>
>> I notice that its present ED is virtually the same as its FPWD (modulo a
>> new section on data sensitivity). There
That's very interesting, thanks!
> -Original Message-
> From: w3c-mmi-wg-requ...@w3.org
> [mailto:w3c-mmi-wg-requ...@w3.org] On Behalf Of Jonas Sicking
> Sent: Friday, October 23, 2009 4:18 PM
> To: Deborah Dahl
> Cc: ingmar.kli...@telekom.de; olli.pet...@helsinki.fi;
> public-webapps@w
Dear Adam Barth ,
The Web Security Context Working Group has reviewed the comments you sent
[1] on the Last Call Working Draft [2] of the Web Security Context: User
Interface Guidelines published on 26 Feb 2009. Thank you for having taken
the time to review the document and to send us comments!
On Fri, Oct 23, 2009 at 11:17 AM, Deborah Dahl
wrote:
> Just a quick follow-up about WebSockets -- do you have
> any sense of when implementations might start to
> be available in browsers?
There's a patch for Firefox already. It'll probably take in the order
of a couple of weeks to get it review
On Oct 23, 2009, at 7:30 AM, Nikunj R. Mehta wrote:
Fine for all except WebDatabase.
I notice that its present ED is virtually the same as its FPWD
(modulo a new section on data sensitivity). There is no movement on
any of the thorny issues - locking granularity, relational model and
SQL
On Oct 23, 2009, at 5:19 AM, Arthur Barstow wrote:
This is a Call for Consensus (CfC) to publish new Working Drafts of
the following specs:
1. Server-Sent Events
http://dev.w3.org/html5/eventsource/
2. Web Database
http://dev.w3.org/html5/webdatabase/
3. Web Sockets API
http://dev.w3.org/h
Just a quick follow-up about WebSockets -- do you have
any sense of when implementations might start to
be available in browsers?
> -Original Message-
> From: w3c-mmi-wg-requ...@w3.org
> [mailto:w3c-mmi-wg-requ...@w3.org] On Behalf Of
> ingmar.kli...@telekom.de
> Sent: Friday, October 23
Fine for all except WebDatabase.
I notice that its present ED is virtually the same as its FPWD (modulo
a new section on data sensitivity). There is no movement on any of the
thorny issues - locking granularity, relational model and SQL dialect.
I am not sure what benefit is to be achieved
Olli,
thanks for pointing this out. The Multimodal WG has looked into whats
available on WebSockets and indeed it seems to be a good candidate to be
used as a transport mechanic for distributed multimodal applications.
-- Ingmar.
> -Original Message-
> From: Olli Pettay [mailto:olli.p
Below is an email from Henry Thompson re CORS that I am forwarding
with HT's permission.
-Regards, Art Barstow
Begin forwarded message:
From: "ext Henry S. Thompson"
Date: October 22, 2009 2:18:55 PM EDT
To: "Barstow Art (Nokia-CIC/Boston)"
Subject: CORS still not getting to closure
-
On Oct 23, 2009, at 14:19 , Arthur Barstow wrote:
This is a Call for Consensus (CfC) to publish new Working Drafts of
the following specs:
1. Server-Sent Events
http://dev.w3.org/html5/eventsource/
2. Web Database
http://dev.w3.org/html5/webdatabase/
3. Web Sockets API
http://dev.w3.org/html
This is a Call for Consensus (CfC) to publish new Working Drafts of
the following specs:
1. Server-Sent Events
http://dev.w3.org/html5/eventsource/
2. Web Database
http://dev.w3.org/html5/webdatabase/
3. Web Sockets API
http://dev.w3.org/html5/websockets/
4. Web Storage
http://dev.w3.org
- in November (see [1] for some
related discussion with Hixie).
-Regards, Art Barstow
[1] http://krijnhoetmer.nl/irc-logs/webapps/20091023
On Thu, 22 Oct 2009 20:00:02 +0200, Henry S. Thompson
wrote:
Sorry for the delay -- the discussion has clarified the current
relevance of client-side implementations, and as far as that goes the
TAG is happy.
We do assume that demonstrating interoperable server-side
implementation will be a ne
On Oct 22, 2009, at 18:25 , David Rogers wrote:
Given that Marcin and Marcos appear to have resolved this on the
mailing
lists, I would like to support LC publication as soon as possible.
Thoughts anyone?
+1
Sorry for missing the call, I wasn't operational.
--
Robin Berjon - http://berjon.c
On Oct 22, 2009, at 23:40 , Arthur Barstow wrote:
The deadline for comments is October 26 which is shorter than usual
but we want this spec to be published before the TPAC publication
moratorium.
We support publishing this ASAP.
--
Robin Berjon - http://berjon.com/
2009/10/22 Marcin Hanclik :
> Hi Marcos, All,
>
>>>It seems more logical to me to not
>>>treat it as an extension. Look at all the .whatever files on your
>>>system. I bet you 2 beers that 99% will be text files. And I bet you
>>>will ".whatever.ext" will identify a type (like .something.plist).
>
Thanks Art,
OMTP are happy to proceed.
Thanks,
David.
-Original Message-
From: public-webapps-requ...@w3.org
[mailto:public-webapps-requ...@w3.org] On Behalf Of Arthur Barstow
Sent: 22 October 2009 22:40
To: public-webapps
Subject: [widgets] CfC to publish LCWD#3 of the Packaging and
C
35 matches
Mail list logo