On Apr 12, 2010, at 10:33 AM, Tyler Close wrote:
On Mon, Apr 12, 2010 at 6:49 AM, Arthur Barstow
<art.bars...@nokia.com> wrote:
Maciej, Tyler - thanks for continuing this discussion. I think it
would be
helpful to have consensus on what we mean by subsetting in this
context.
(Perhaps the agreed definition could be added to the CORS and UMP
Comparison
[1].)
I've added a new section to the wiki page, "UMP as subset of CORS":
http://www.w3.org/Security/wiki/Comparison_of_CORS_and_UMP#UMP_as_subset_of_CORS
I do not think the set of subset criteria posted there matches what I
proposed and what we've been discussing in this thread. Should I put
some abbreviated form of my proposal in the wiki? I am not sure what
the conventions are for editing this wiki page.
I think the points you make on the wiki about cross-endangerment are
good, but they are not really subset criteria, that's a property we
want for any two Web platform features, and it could be achieved with
a strategy of making things completely different instead of the subset
strategy. They do represent relations that we should maintain however.
I think even taken together, your set of subset conditions does
guarantee that a CORS client implementation is automatically also a
UMP client implementation. If we went that way, then we would have to
consider whether there will ever be client implementors of UMP itself,
or it will be impossible to fulfill CR exit criteria.
Regards,
Maciej