[whatwg] Re: Cross Domain Policies

Malcolm Rowe malcolm-what at farside.org.uk
Sat Jul 24 09:35:17 PDT 2004


Doron Rosenberg writes:
> [...] a web services hosting
> domain can allow cross domain calls to it, controlled via an XML file

fwiw, one disadvantage of this approach is that it relies on the existence 
of a particular file at the root directory. The problems with this method 
are: 

* It assumes that "one hostname = one web 'site'", where 'site' is an 
administrative grouping. There's no way to delegate responsibility closer to 
the user of the functionality. 

* It pollutes the URI namespace, which should be under the control of the 
site's owner. 

This is W3C TAG issue siteData-36. References:
http://www.w3.org/2001/tag/issues.html#siteData-36
http://www.tbray.org/ongoing/When/200x/2003/02/27/Websites
http://www.tbray.org/ongoing/When/200x/2004/01/08/WebSite36 

> Would the WhatWG be the right place to standardize this?  It could be
> made more generic than just Web Services,

If WHATWG was to pick some of this up, I think that they should try to avoid 
the problems mentioned above, or, if at all possible, work with the TAG to 
help explore some possible solutions to the general issue. 

Regards,
Malcolm


More information about the whatwg-whatwg.org mailing list