On Wed, Feb 11, 2009 at 1:04 PM, Breno de Medeiros <br...@google.com> wrote:
> I have to say that the current known use-cases for site-meta are:
>
> 1. Security critical ones, but for server-to-server discovery uses (not
> browser mediated)
>
> 2. Semantic ones, for user consumption, of an informative rather than
> security-critical nature. These use cases may be handled by browsers.

Why not address security metadata for user-agents? For example, it would be eminently useful to be able to express X-Content-Type-Options [1] and X-Frame-Options [2] in a centralized metadata store instead of wasting bandwidth on every HTTP response (as Google does for X-Content-Type-Options).

I don't think anyone doubts that we're going to see a proliferation of this kind of security metadata, e.g., along the lines of [3]. I don't see the point of making a central metadata store that ignores these important use cases.

Adam

[1] http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
[2] https://blogs.msdn.com/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx
[3] http://people.mozilla.org/~bsterne/content-security-policy/