CDR: description of current web security model has problems
"Currently, the common approach used is to restrict access across
documents or network interfaces to material which comes from the same
source as the code which tries to make that access."
- This sentence is not grammatically correct English.
- The claim made by the sentence is not correct. Access is based on
the domain (and protocol and port) of the documents in the context of
which the code is executing. It ignores where the code comes from, if
site other than that which the document came from.
"This makes it difficult to re-use resources on the Web, by requiring
a copy to be held in the domain of each application which uses that
and html files can all be included from other sites. The difficulty
only occurs when you wish to read the contents of such documents.
There is no client-side technology that two sites could use to
"This breaks cacheability, potentially reduces maintainability, and
requires services to maintain the entire service rather than taking
full advantage of specialised third-party providers."
- I'm not buying these claims but ok - does this spec propose doing
anything different in this regard? Does it propose that access to
different documents *not* be restricted based on domain/scheme/port
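
The access rule this message describes (the document's domain, protocol and port decide, not the site the code was loaded from), modelled as an added example that is not part of the original message. The URLs are constructed sample values, the function names are hypothetical, and the model assumes the plain scheme/host/port comparison only.

```javascript
// Added illustration: simplified model of the same-origin read check.
// Assumption: only scheme, host and port are compared; nothing else is modelled.

// An origin is the (scheme, host, port) triple. URL.origin drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

// Code runs with the origin of the document that includes it.
// scriptUrl is accepted only to show that it plays no part in the decision.
function executionOrigin(documentUrl, scriptUrl) {
  void scriptUrl;
  return originOf(documentUrl);
}

// May code executing in documentUrl read the contents of targetUrl?
function canRead(documentUrl, scriptUrl, targetUrl) {
  return executionOrigin(documentUrl, scriptUrl) === originOf(targetUrl);
}

// Constructed cases: one page, a script served from a different site.
const PAGE = "https://app.example/page.html";
const THIRD_PARTY_SCRIPT = "https://cdn.example/lib.js";
const CASES = [
  ["same origin as the page", "https://app.example/data.json"],
  ["the script's own site", "https://cdn.example/private.json"],
  ["different protocol", "http://app.example/data.json"],
  ["different port", "https://app.example:8443/data.json"],
  ["explicit default port", "https://app.example:443/data.json"],
];

function runCases() {
  return CASES.map(([label, target]) => ({
    label,
    target,
    allowed: canRead(PAGE, THIRD_PARTY_SCRIPT, target),
  }));
}

for (const r of runCases()) {
  console.log(`${r.allowed ? "read allowed" : "read blocked"}  ${r.label}: ${r.target}`);
}
```

The second case is the one the comment turns on: the script was served by `cdn.example`, yet it cannot read that site's documents, because it executes in the context of a page from `app.example`.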