On Mon, Feb 23, 2009 at 3:05 PM, Breno de Medeiros <br...@google.com> wrote: > crossdomain.xml was introduce to support a few specific applications > (notably flash), and it did not take into account the security requirements > of the application context. Tough.
I'm suggesting we learn from their mistakes instead of making the same mistakes ourselves. > Because at this point there is no consensus what a general delegation > mechanism would look like. Quite possibly, this might be > application-specific. Why not handle delegation at the application layer instead of using HTTP redirects for delegation? > The alternative is to write a spec that > introduces complexity to solve problems that we conjecture might exist in > yet-to-be-developed applications. The risk then is that the spec will not > see adoption, or that implementors will deploy partial spec compliance in > ad-hoc fashion, which is also a danger to interoperability. Great. Let's remove the complexity of following redirects. Adam