[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)

Adam Barth cap-talk at adambarth.com
Fri Jun 26 18:01:48 EDT 2009

On Fri, Jun 26, 2009 at 2:44 PM, <ihab.awad at gmail.com> wrote:
> Ok, so essentially the protection is not for the Google Finance
> service in general, but rather for the Google Finance service at a
> *specific* QoS level, namely, "direct client access". Would you agree
> with this statement?

I'm not sure there's a clean distinction between qualify of service
and service, but that seems like a reasonable way of understanding the

> One question I have is this: How does Acme arrange for the end-user to
> have the proper cookies so that they are properly authorized when they
> gain access to Google Finance?

I wasn't imagining that any cookies were involved.  Why I stated the
steps for finance.google.com, I stated the complete protocol.  Notice
that I said nothing about cookies.

> The only way I can imagine this to be
> the case (and this is likely wrong so please bear with, and correct,
> me) is:

You seem to be assuming a particular business model.  It might be
helpful to imagine ACME Finance paying a monthly fee for
all-you-can-eat stock ticker information.  Alternatively, you can
imagine that Google Finance requires ACME to sign a terms of use
agreement before offering the service (e.g., you can't use the stock
ticker information to overthrow duly elected members of parliament).

> How does this formulation compare with your model?

My model does not include Alice.


More information about the cap-talk mailing list