On Thu, Apr 8, 2010 at 5:44 AM, Marcos Caceres <[email protected]> wrote: > To me personally, it only really makes sense for UMP to be merged into CORS. > Having both specs is confusing.
Given that we've created a superset-subset relationship between CORS and UMP, we don't have divergent specs for the same functionality; instead we simply have a modular spec. Splitting the spec this way is useful because the UMP subset is significantly smaller and the CORS superset involves additional, complicated security risks. > To have UMP as an optional add-on does not > feel right because of the DBAD issue. Indeed, DBAD is only relevant to CORS, so adding this complexity to UMP by putting it in the same document with the rest of CORS is confusing. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
