[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
Karp, Alan H
alan.karp at hp.com
Mon Jul 6 17:53:39 EDT 2009
Adam Barth wrote:
>
> Unless you can whistle to your modem, users don't make requests.
> Software makes requests (perhaps on behalf of users, but perhaps not).
>
Point taken.
>
> The service lets Acme Finance contact Google Finance directly from the
> user's browser (i.e., without proxying via acme.com). This is
> valuable to Acme.
>
Now I get it. Bob's Finance could get the same data from Google Finance without paying by making a direct request with an Origin of amce.com, but Bob's Finance would have to proxy requests. Acme Finance gains a competitive advantage by not needing to proxy. The user has no interest in running a specialized browser to pretend to be Acme Finance because Acme Finance provides some added value.
To your first point above, can the software making the request be a script on a page or a browser plug-in? If so, what prevents Bob's Finance from delivering to the user's browser software that will make requests as Acme Finance?
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list