I agree with Peter. I feel this exists outside the scope of SOFEA.
That doesn't stop me from wanting it.
Kris, I haven't been keeping up with it; has anyone implemented it? I
know opera and IE 8 have cross document messaging.
On Sep 18, 5:12 pm, "Kris Zyp" <
kris...@gmail.com> wrote:
> Are you guys talking about something different than the effort that browser vendors have been working on (and implementing) for the last few years to create secure cross-site loading mechanism:
http://www.w3.org/TR/access-control/
> Kris
>
> ----- Original Message -----
> From: Ganesh and Sashi Prasad
> To:
so...@googlegroups.com
> Sent: Thursday, September 18, 2008 4:04 PM
> Subject: Fwd: SOFEA & Single Origin Policy?
>
> For what it's worth, this is what I said to Ramkumar.
>
> Regards,
> Ganesh
>
> ---------- Forwarded message ----------
> From: Ganesh and Sashi Prasad <
g.c.pra...@gmail.com>
> Date: 2008/9/19
> Subject: Re: SOFEA & Single Origin Policy?
> To: Ramkumar KB <
ramkuma...@gmail.com>
>
> Hi Ramkumar,
>
> Thanks for your mail. You're right, SOP is a pain in that respect. But there are workarounds:
>
> 1. Subdomains (The application is downloaded from a download server athttp://somecompany.comand makes Data Interchange calls tohttp://
service-module-x.somecompany.com. This restricts services to being within the same organisation but that's a fairly frequent use case.)
> 2. Proxies (The organisation providing the application also sets up a proxy server like Ninja proxy that provides a same-domain facade to external services. That may open a security hole even if the organisation vets the service providers, because they could be compromised.)
> 3. Rich clients instead of browsers (Flash, Java WebStart, Silverlight, etc. don't have the SOP restriction.)
>
> There is a lot of discussion happening around the restrictions of SOP, and the browser makers may one day agree on a standard under which the main module will bundle a special file that will securely authorise other URIs that may be allowed to modify its DOM structures.
>
> I'm discussing the SOP issue with a few other people, and we will probably propose something along these lines for implementation by browsers. I hope you will add your voice to push for its adoption.
>
> Regards,
> Ganesh
>
> 2008/9/18 Ramkumar KB <
ramkuma...@gmail.com>