mikesamuel at gmail.com
Wed Mar 6 13:04:20 PST 2013
2013/1/15 David Bruant <bruant.d at gmail.com>:
> Hi Mark,
> I have a couple of comments:
> * On the share-nothing model
> This comment goes beyond the paper, but I think is relevant for future work.
> share-nothing model has limitations. In my opinion, one of the reasons
> WebWorkers aren't used is that the share-nothing model imposes to copy data
> when one wants 2 WebWorkers to communicate.
> Rust introduced the notion of unique pointer  for equivalent reasons.
> Adding a notion of (implicit) ownership could be a lead to follow
> (especially for the event loop work in ES7). It would however create a
> breach in the uniform vat model which abstracts out whether 2 vats are on
> the same machine or not. But I think it's a worthwhile addition.
> * Web-key
> It's probably a nit, but worth mentioning. Web-keys like
> https://www.example.com/app/#mhbqcmmva5ja3 only work on the web with a web
> application taking the fragment and building another url like
> https://www.example.com/app/?s=mhbqcmmva5ja3 with it, because the fragment
> part of a URL is a client-side only thing and is never sent over the
Indeed. The spec even says that is specifically to prevent access
control based on fragments:
RFC 3986 says in section 3.5
this separate handling is often perceived to be a loss of
information, particularly for accurate redirection of references as
resources move over time, it also serves to prevent information
providers from denying reference authors the right to refer to
information within a resource selectively.
So a client that has a URI can make authorization decisions based on
the fragment, but the server, by design, cannot.
More information about the es-discuss