[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
Adam Barth
cap-talk at adambarth.com
Fri Jun 26 17:27:56 EDT 2009
On Fri, Jun 26, 2009 at 2:15 PM, <ihab.awad at gmail.com> wrote:
> On Fri, Jun 26, 2009 at 10:02 AM, Adam Barth<cap-talk at adambarth.com> wrote:
>> 2) Google Finance would like to restrict which web sites can use the
>> API (e.g., to charge a fee, enforce a terms of use, etc.).
>
> The moment you discuss charging a fee, the ability to make valid
> requests to Google Finance is now an authority to cause observable
> behavior. This moves the discussion -- as would (I think) be defined
> by this list -- from one of confidentiality to one of integrity.
Ok. Imagine a flat-rate monthly fee, if you like.
> Taking your second statement first, I would claim Bob cannot *always*
> get the information from acme.com. In fact, Bob can do so only if he
> has the proper authority to use acme.com (e.g., if Bob has an account
> there, or if acme.com is a public Website available to everyone).
Ok. Imagine ACME is a web site that lets arbitrary folks create
accounts (like most sites on the web).
> Moving on to your first statement, I guess I [now - thank you]
> understand the letter of your problem statement, but I don't
> understand its spirit. What about the particular structure of the
> series of tubes ;) makes the "Bob posing as a Web browser from a Perl
> script on his server" a non-threat?
If he's going to proxy, he might as well proxy directly from Google Finance.
Adam
More information about the cap-talk
mailing list