I'm not really convinced we need all of http://dev.w3.org/2006/waf/UMP/
to handle the simple use case it is for. I think UMP can be layered on top of CORS by simply letting the origin be a unique identifier and always have the credentials flag be false. A new constructor could be used for XMLHttpRequest -- maybe called AnonXMLHttpRequest() -- to enable this behavior.
Since most people in the WG seem to think we should have both UMP and CORS this solution seems much more straightforward and practical.
Thoughts? -- Anne van Kesteren http://annevankesteren.nl/