[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
Adam Barth
cap-talk at adambarth.com
Fri Jun 26 18:01:48 EDT 2009
On Fri, Jun 26, 2009 at 2:44 PM, <ihab.awad at gmail.com> wrote:
> Ok, so essentially the protection is not for the Google Finance
> service in general, but rather for the Google Finance service at a
> *specific* QoS level, namely, "direct client access". Would you agree
> with this statement?
I'm not sure there's a clean distinction between qualify of service
and service, but that seems like a reasonable way of understanding the
issue.
> One question I have is this: How does Acme arrange for the end-user to
> have the proper cookies so that they are properly authorized when they
> gain access to Google Finance?
I wasn't imagining that any cookies were involved. Why I stated the
steps for finance.google.com, I stated the complete protocol. Notice
that I said nothing about cookies.
> The only way I can imagine this to be
> the case (and this is likely wrong so please bear with, and correct,
> me) is:
You seem to be assuming a particular business model. It might be
helpful to imagine ACME Finance paying a monthly fee for
all-you-can-eat stock ticker information. Alternatively, you can
imagine that Google Finance requires ACME to sign a terms of use
agreement before offering the service (e.g., you can't use the stock
ticker information to overthrow duly elected members of parliament).
> How does this formulation compare with your model?
My model does not include Alice.
Adam
More information about the cap-talk
mailing list