discovery-api/Overview.html
changeset 483 140b6c8d4c18
parent 480 f3ea6558ffe1
child 484 608edb43c84d
     1.1 --- a/discovery-api/Overview.html	Mon Oct 07 09:41:44 2013 +0300
     1.2 +++ b/discovery-api/Overview.html	Thu Oct 10 12:36:37 2013 +1100
     1.3 @@ -224,10 +224,10 @@
     1.4        </h1>
     1.5        <h2 property="dcterms:issued"
     1.6            datatype="xsd:dateTime"
     1.7 -          content="2013-10-06T16:06:07.000Z"
     1.8 -          id="w3c-editor-s-draft-07-october-2013">
     1.9 +          content="2013-10-09T14:32:43.000Z"
    1.10 +          id="w3c-editor-s-draft-10-october-2013">
    1.11          <abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published"
    1.12 -            datetime="2013-10-07">07 October 2013</time>
    1.13 +            datetime="2013-10-10">10 October 2013</time>
    1.14        </h2>
    1.15        <dl>
    1.16          <dt>
    1.17 @@ -540,8 +540,8 @@
    1.18          "#dfn-service-discovery-mechanisms"
    1.19             class="internalDFN">service discovery mechanisms</a> included in this recommendation, attempts to match the
    1.20             requested service type to a discovered service according to the processing described herein. Only
    1.21 -           Local-networked Services that pass a <a href="#dfn-cors-preflight-check"
    1.22 -           class="internalDFN">CORS preflight check</a> should be made available to web pages by a user agent. A user
    1.23 +           Local-networked Services that pass a <a href="#dfn-preliminary-cors-check"
    1.24 +           class="internalDFN">preliminary CORS check</a> should be made available to web pages by a user agent. A user
    1.25             agent may provide a way for users to white-list non-CORS enabled Local-networked Services but implementation
    1.26             of such a feature is left to the discretion of the implementer.
    1.27        </p>
    1.28 @@ -854,16 +854,14 @@
    1.29          <p>
    1.30            A <a href="#dfn-user-agent"
    1.31               class="internalDFN">user agent</a> <em class="rfc2119"
    1.32 -             title="MUST">MUST</em> allow web pages to connect only with Local-networked Services that have passed a
    1.33 -             <a href="#dfn-cors-preflight-check"
    1.34 -             class="internalDFN">CORS preflight check</a> indicating they support Cross-Origin Resource Sharing
    1.35 +             title="SHOULD">SHOULD</em> only allow web pages to connect with Local-networked Services that have passed
    1.36 +             a <a href="#dfn-preliminary-cors-check"
    1.37 +             class="internalDFN">preliminary CORS check</a> indicating they support Cross-Origin Resource Sharing
    1.38               [<cite><a class="bibref"
    1.39 -             href="#bib-CORS">CORS</a></cite>] during the <a href="#dfn-service-discovery-mechanisms"
    1.40 -             class="internalDFN">service discovery mechanisms</a> provided in this specification. In this way, a
    1.41 -             <a href="#dfn-user-agent"
    1.42 +             href="#bib-CORS">CORS</a></cite>]. In this way, a <a href="#dfn-user-agent"
    1.43               class="internalDFN">user agent</a> <em class="rfc2119"
    1.44 -             title="MUST NOT">MUST NOT</em> allow web pages to access other arbitrary networked services on the current
    1.45 -             local network.
    1.46 +             title="SHOULD NOT">SHOULD NOT</em> allow web pages to access other arbitrary networked services on the
    1.47 +             current local network.
    1.48          </p>
    1.49          <p>
    1.50            A <a href="#dfn-user-agent"
    1.51 @@ -1054,14 +1052,26 @@
    1.52                <ol class="rule">
    1.53                  <li>For each <var>requested control type</var> in <var>requested control types</var>: If <var>available
    1.54                  service</var>'s <code>type</code> attribute equals the <var>requested control type</var> then let <var>
    1.55 -                  matched service</var> equal the value of <var>available service</var> and continue at the step
    1.56 -                  labeled <var>attach</var> below.
    1.57 +                  matched service</var> equal the value of <var>available service</var>. Otherwise, abort the remaining
    1.58 +                  sub-steps and continue above at the next <var>available service</var>.
    1.59                  </li>
    1.60 -                <li>Continue at the next <var>available service</var>.
    1.61 -                </li>
    1.62 -                <li>
    1.63 -                  <em>Attach</em>: If <var>matched service</var> is not empty then run the following steps:
    1.64 +                <li>If <var>matched service</var> is not empty then run the following steps:
    1.65                    <ol class="rule">
    1.66 +                    <li>Let <var>CORS check result</var> be the result of running the <a href=
    1.67 +                    "#dfn-preliminary-cors-check"
    1.68 +                          class="internalDFN">preliminary CORS check</a> algorithm, passing in <var>matched
    1.69 +                          services</var>'s <code>url</code> attribute as the <var>control endpoint URL</var> argument
    1.70 +                          and the <a href=
    1.71 +                          "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
    1.72 +                          class="externalDFN">entry script</a>'s <a href=
    1.73 +                          "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
    1.74 +                          class="externalDFN">origin</a> as the <var>request origin</var> argument.
    1.75 +                    </li>
    1.76 +                    <li>If <var>CORS check result</var> is not <code>pass</code> and <var>matched service</var>'s
    1.77 +                    <code>type</code> attribute is also not present in the <a href="#dfn-network-services-whitelist"
    1.78 +                          class="internalDFN">network services whitelist</a> then abort the remaining sub-steps and
    1.79 +                          continue above at the next <var>available service</var>.
    1.80 +                    </li>
    1.81                      <li>Let <var>new service object</var> be a new <a href=
    1.82                      "#networkservice"><code>NetworkService</code></a> object, mapping the parameters of <var>matched
    1.83                      service</var> to this new object where possible.
    1.84 @@ -1191,9 +1201,55 @@
    1.85                 class="externalDFN">user interaction task source</a>.
    1.86            </p>
    1.87            <p>
    1.88 +            The <dfn id="dfn-preliminary-cors-check">preliminary CORS check</dfn> algorithm determines whether a
    1.89 +            Local-networked Service supports Cross-Origin Resource Sharing [<cite><a class="bibref"
    1.90 +               href="#bib-CORS">CORS</a></cite>] as part of a call to the <a href=
    1.91 +               "#dom-navigator-getnetworkservices"><code>getNetworkServices()</code></a> method, prior to that service
    1.92 +               being proposed for sharing to users and prior to active sharing with web pages. This algorithm takes two
    1.93 +               arguments, <var>control endpoint URL</var> and <var>request origin</var>, and consists of running the
    1.94 +               following steps:
    1.95 +          </p>
    1.96 +          <ol class="rule">
    1.97 +            <li>Let <var>CORS available check</var> be the result of applying the <a href=
    1.98 +            "http://www.w3.org/TR/cors/#make-a-request-steps"
    1.99 +                  class="externalDFN">make a request steps</a> [<cite><a class="bibref"
   1.100 +                 href="#bib-CORS">CORS</a></cite>], setting the <a href="http://www.w3.org/TR/cors/#request-method"
   1.101 +                  class="externalDFN">request method</a> to <code>OPTIONS</code>, the <a href=
   1.102 +                  "http://www.w3.org/TR/cors/#request-url"
   1.103 +                  class="externalDFN">request URL</a> to <var>control endpoint URL</var>, the <a href=
   1.104 +                  "http://www.w3.org/TR/cors/#source-origin"
   1.105 +                  class="externalDFN">source origin</a> to <var>request origin</var>, setting the <a href=
   1.106 +                  "http://www.w3.org/TR/cors/#omit-credentials-flag"
   1.107 +                  class="externalDFN">omit credentials flag</a> to <code>true</code> and including an <a href=
   1.108 +                  "http://www.w3.org/TR/cors/#http-access-control-request-method"
   1.109 +                  class="externalDFN"><code>Access-Control-Request-Method</code></a> header with a value of
   1.110 +                  <code>GET</code>.
   1.111 +            </li>
   1.112 +            <li>If <var>CORS available check</var> is cancelled by the user, or it results in a network error, or its
   1.113 +            response does not have an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> status code of
   1.114 +            <code>200</code> then abort any remaining steps and return <code>fail</code>.
   1.115 +            </li>
   1.116 +            <li>Return the result of running the <a href="http://www.w3.org/TR/cors/#resource-sharing-check"
   1.117 +                  class="externalDFN">resource sharing check</a> [<cite><a class="bibref"
   1.118 +                 href="#bib-CORS">CORS</a></cite>] against the successful <abbr title=
   1.119 +                 "Hypertext Transfer Protocol">HTTP</abbr> response of the <var>CORS available check</var>.
   1.120 +              <div class="note">
   1.121 +                <div class="note-title"
   1.122 +                     aria-level="3"
   1.123 +                     role="heading"
   1.124 +                     id="h_note_1">
   1.125 +                  <span>Note</span>
   1.126 +                </div>
   1.127 +                <p class="">
   1.128 +                  This returned result will always be either <code>pass</code> or <code>fail</code>.
   1.129 +                </p>
   1.130 +              </div>
   1.131 +            </li>
   1.132 +          </ol>
   1.133 +          <p>
   1.134              There is no implied persistence to networked service sharing provided to a web page. It <em class="rfc2119"
   1.135 -               title="MUST NOT">MUST NOT</em> be possible to access a previously white-listed networked service without
   1.136 -               user authorization in all of the following cases:
   1.137 +               title="MUST NOT">MUST NOT</em> be possible to access a networked service previously granted to a web
   1.138 +               page without user authorization in all of the following cases:
   1.139            </p>
   1.140            <ul>
   1.141              <li>If the current script is reloaded at any point in the same or different window.
   1.142 @@ -1396,7 +1452,7 @@
   1.143            <div class="note-title"
   1.144                 aria-level="3"
   1.145                 role="heading"
   1.146 -               id="h_note_1">
   1.147 +               id="h_note_2">
   1.148              <span>Note</span>
   1.149            </div>
   1.150            <p class="">
   1.151 @@ -1897,49 +1953,6 @@
   1.152             class="internalDFN">removing an available service</a>, passing in the expired service record's
   1.153             <code>id</code> attribute as the only argument.
   1.154        </p>
   1.155 -      <p>
   1.156 -        The <dfn id="dfn-cors-preflight-check">CORS preflight check</dfn> algorithm determines whether a
   1.157 -        Local-networked Service supports Cross-Origin Resource Sharing [<cite><a class="bibref"
   1.158 -           href="#bib-CORS">CORS</a></cite>] prior to that service being proposed for sharing to users and prior to
   1.159 -           active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and
   1.160 -           consists of running the following steps:
   1.161 -      </p>
   1.162 -      <ol class="rule">
   1.163 -        <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
   1.164 -        "http://www.w3.org/TR/cors/#cross-origin-request-status"
   1.165 -              class="externalDFN">cross-origin request status</a> [<cite><a class="bibref"
   1.166 -             href="#bib-CORS">CORS</a></cite>] after performing a <a href=
   1.167 -             "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
   1.168 -              class="externalDFN">cross-origin request with preflight</a> [<cite><a class="bibref"
   1.169 -             href="#bib-CORS">CORS</a></cite>] towards the <var>control endpoint URL</var> with the <a href=
   1.170 -             "http://www.w3.org/TR/cors/#source-origin"
   1.171 -              class="externalDFN">source origin</a> [<cite><a class="bibref"
   1.172 -             href="#bib-CORS">CORS</a></cite>] set to the public IP address of the current machine, terminating this
   1.173 -             algorithm at Step 2 (when <a href="http://www.w3.org/TR/cors/#cross-origin-request-status"
   1.174 -              class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
   1.175 -              prior error has occurred in the algorithm).
   1.176 -        </li>
   1.177 -        <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
   1.178 -        <code>pass</code>. Otherwise, return <code>fail</code>.
   1.179 -        </li>
   1.180 -      </ol>
   1.181 -      <p>
   1.182 -        User agents <em class="rfc2119"
   1.183 -           title="SHOULD">SHOULD</em> re-run the <a href="#dfn-cors-preflight-check"
   1.184 -           class="internalDFN">CORS preflight check</a> algorithm against service endpoint URLs when their <a href=
   1.185 -           "http://www.w3.org/TR/cors/#cache-max-age"
   1.186 -           class="externalDFN">max-age</a> [<cite><a class="bibref"
   1.187 -           href="#bib-CORS">CORS</a></cite>] entry in the <a href="http://www.w3.org/TR/cors/#preflight-result-cache"
   1.188 -           class="externalDFN">preflight result cache</a> [<cite><a class="bibref"
   1.189 -           href="#bib-CORS">CORS</a></cite>] exceeds the current time. If this subsequent execution of the <a href=
   1.190 -           "#dfn-cors-preflight-check"
   1.191 -           class="internalDFN">CORS preflight check</a> algorithm returns <code>fail</code> then the <a href=
   1.192 -           "#dfn-user-agent"
   1.193 -           class="internalDFN">user agent</a> <em class="rfc2119"
   1.194 -           title="MUST">MUST</em> run the general rule for <a href="#dfn-removing-an-available-service"
   1.195 -           class="internalDFN">removing an available service</a> passing in the associated <var>network service
   1.196 -           record</var>'s <code>id</code> attribute as the only argument.
   1.197 -      </p>
   1.198        <section id="zeroconf-mdns-dns-sd">
   1.199          <h3 aria-level="2"
   1.200              role="heading"
   1.201 @@ -1999,16 +2012,9 @@
   1.202                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   1.203                current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
   1.204                </li>
   1.205 -              <li>If the result of running the <a href="#dfn-cors-preflight-check"
   1.206 -                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
   1.207 -                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
   1.208 -                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
   1.209 -                    "#dfn-network-services-whitelist"
   1.210 -                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
   1.211 -                    "#dfn-adding-an-available-service"
   1.212 +              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
   1.213                      class="internalDFN">adding an available service</a>, passing in the current <var>network service
   1.214 -                    record</var> as the only argument. Otherwise, discard the current <var>network service
   1.215 -                    record</var>.
   1.216 +                    record</var> as the only argument.
   1.217                </li>
   1.218              </ol>
   1.219            </li>
   1.220 @@ -2248,16 +2254,9 @@
   1.221                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   1.222                current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
   1.223                </li>
   1.224 -              <li>If the result of running the <a href="#dfn-cors-preflight-check"
   1.225 -                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
   1.226 -                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
   1.227 -                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
   1.228 -                    "#dfn-network-services-whitelist"
   1.229 -                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
   1.230 -                    "#dfn-adding-an-available-service"
   1.231 +              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
   1.232                      class="internalDFN">adding an available service</a>, passing in the current <var>network service
   1.233 -                    record</var> as the only argument. Otherwise, discard the current <var>network service
   1.234 -                    record</var>.
   1.235 +                    record</var> as the only argument.
   1.236                </li>
   1.237              </ol>
   1.238            </li>
   1.239 @@ -2552,16 +2551,9 @@
   1.240                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   1.241                current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
   1.242                </li>
   1.243 -              <li>If the result of running the <a href="#dfn-cors-preflight-check"
   1.244 -                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
   1.245 -                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
   1.246 -                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
   1.247 -                    "#dfn-network-services-whitelist"
   1.248 -                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
   1.249 -                    "#dfn-adding-an-available-service"
   1.250 +              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
   1.251                      class="internalDFN">adding an available service</a>, passing in the current <var>network service
   1.252 -                    record</var> as the only argument. Otherwise, discard the current <var>network service
   1.253 -                    record</var>.
   1.254 +                    record</var> as the only argument.
   1.255                </li>
   1.256              </ol>
   1.257            </li>
   1.258 @@ -2710,7 +2702,7 @@
   1.259          <div class="note-title"
   1.260               aria-level="2"
   1.261               role="heading"
   1.262 -             id="h_note_2">
   1.263 +             id="h_note_3">
   1.264            <span>Note</span>
   1.265          </div>
   1.266          <p class="">
   1.267 @@ -3276,10 +3268,7 @@
   1.268          "World Wide Web Consortium">W3C</abbr> Device APIs Working Group, <abbr title=
   1.269          "World Wide Web Consortium">W3C</abbr> Web and TV Interest Group.
   1.270        </p>
   1.271 -    </section><style>
   1.272 -a.externalDFN { color: #00C; border-bottom: 1px dashed #00C; }
   1.273 -    a.internalDFN { color: #00C; text-decoration: solid; }
   1.274 -    </style>
   1.275 +    </section>
   1.276      <section id="references"
   1.277               class="appendix"
   1.278               typeof="bibo:Chapter"
   1.279 @@ -3387,6 +3376,9 @@
   1.280            </dd>
   1.281          </dl>
   1.282        </section>
   1.283 -    </section>
   1.284 +    </section><style>
   1.285 +a.externalDFN { color: #00C; border-bottom: 1px dashed #00C; }
   1.286 +    a.internalDFN { color: #00C; text-decoration: solid; }
   1.287 +    </style>
   1.288    </body>
   1.289  </html>