- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 7 Feb 2008 01:33:43 +0000 (UTC)
- To: "Close, Tyler J." <tyler.close@hp.com>
- Cc: "L. David Baron" <dbaron@dbaron.org>, "public-appformats@w3.org" <public-appformats@w3.org>
On Thu, 7 Feb 2008, Close, Tyler J. wrote: > L. David Baron wrote: > > > > [...] This is already possible with things like the basic (map > > display) part of the Google Maps API only because there aren't > > cross-site restrictions on image loading [...] > > > > In what cases is accountability for actions needed for such > > fully-public resources? > > It may not be, in which case the user authentication cookies are also > not needed. So public resources could be safely accessed by a design > that did not send user cookies with the cross-___domain request. Sending > the cookies creates the issue of how to handle accountability. We'd still like cookies sent even for cross-site image requests for the Google Maps API, e.g. so that we can send user-personalised map tiles. For example, one could imagine that map tiles would be localised based on the user's preferences instead of based on geographic ___location or the embedder's language, in which case we'd need the cookie. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 7 February 2008 01:33:57 UTC