On 9/16/10 6:17 PM, Nathan wrote:
Marcos Caceres wrote:
On Fri, Sep 3, 2010 at 7:52 PM, Nathan <nat...@webr3.org> wrote:
Hi All,
Simply wondering why WARP, Widgets Updates and Digital Signatures aren't
used to deploy js applications which run in the main browser context?
I guess because they all have counterparts on the Web stack:
WARP is the widget equiv. of XHR 2 + CORS
Do WARP and XHR2+CORS not address different issues, where WARP requests
access from the user agent to retrieve a network resources, and CORS
requests access from the network resources?
Yep, you are right. But for practical purposes (accessing data from
multiple sources to mush into something useful), they are kinda the same.
Widget Updates is the widget equiv of HTML5 manifest or HTTP expiries.
Cool, I follow what you're saying and will spend some time getting up to
date on manifests :)
Dig Sig is the equiv. of HTTPS
Need to think about that one more, surely one widgets-digsig allows a
package to be distributed through multiple channels and is somewhat akin
to typical code/application signing solutions on the desktop, whereas
HTTP+TLS is just that, message delivery over TLS.
HTTPS is more then that. It also lets you know if the site your are
looking at is verified by some CA (which gives you some level of trust).
seems
like a nice solution that would work webscale, and which would provide
further user security, identification of trusted apps and cover the
other
half of CORS which is informing and protecting the user.
Perhaps one of the vendors has already implemented in the main context?
Hope that helps.
Indeed it does somewhat, I'd been putting off wrapping my head round
manifests so will get up to date,
Cheers,
Nathan
--
Marcos Caceres
Opera Software
