Add CORS as the primary network service opt-in mechanism for the NSD API specification
authorRich Tibbett <richt@opera.com>
Mon, 07 Oct 2013 14:07:57 +1100
changeset 480 f3ea6558ffe1
parent 479 8e660ae0694c
child 481 674b477d1ee5
Add CORS as the primary network service opt-in mechanism for the NSD API specification
discovery-api/Overview.html
discovery-api/Overview.src.html
--- a/discovery-api/Overview.html	Sat Sep 28 11:13:44 2013 -0400
+++ b/discovery-api/Overview.html	Mon Oct 07 14:07:57 2013 +1100
@@ -205,6 +205,7 @@
           href="https://www.w3.org/StyleSheets/TR/W3C-ED">
   </head>
   <body class="h-entry"
+        style=""
         role="document"
         id="respecDocument">
     <div class="head"
@@ -223,10 +224,10 @@
       </h1>
       <h2 property="dcterms:issued"
           datatype="xsd:dateTime"
-          content="2013-09-05T11:58:47.000Z"
-          id="w3c-editor-s-draft-05-september-2013">
+          content="2013-10-06T16:06:07.000Z"
+          id="w3c-editor-s-draft-07-october-2013">
         <abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published"
-            datetime="2013-09-05">05 September 2013</time>
+            datetime="2013-10-07">07 October 2013</time>
       </h2>
       <dl>
         <dt>
@@ -294,6 +295,55 @@
         within the current network.
       </p>
     </section>
+    <section id="sotd"
+             class="introductory"
+             typeof="bibo:Chapter"
+             resource="#sotd"
+             rel="bibo:chapter">
+      <h2 aria-level="1"
+          role="heading"
+          id="h2_sotd">
+        Status of This Document
+      </h2>
+      <p>
+        <em>This section describes the status of this document at the time of its publication. Other documents may
+        supersede this document. A list of current <abbr title="World Wide Web Consortium">W3C</abbr> publications and
+        the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/"><abbr title=
+        "World Wide Web Consortium">W3C</abbr> technical reports index</a> at http://www.w3.org/TR/.</em>
+      </p>
+      <p>
+        This document represents the early consensus of the group on the scope and features of the proposed
+        <abbr title="Application Programming Interface">API</abbr>.
+      </p>
+      <p>
+        This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs Working Group</a> as an
+        Editor's Draft. If you wish to make comments regarding this document, please send them to <a href=
+        "mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href=
+        "mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href=
+        "http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All comments are welcome.
+      </p>
+      <p>
+        Publication as an Editor's Draft does not imply endorsement by the <abbr title=
+        "World Wide Web Consortium">W3C</abbr> Membership. This is a draft document and may be updated, replaced or
+        obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in
+        progress.
+      </p>
+      <p>
+        This document was produced by a group operating under the <a id="sotd_patent"
+           about=""
+           rel="w3p:patentRules"
+           href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <abbr title=
+           "World Wide Web Consortium">W3C</abbr> Patent Policy</a>. <abbr title="World Wide Web Consortium">W3C</abbr>
+           maintains a <a href="http://www.w3.org/2004/01/pp-impl/43696/status"
+           rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the
+           group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge
+           of a patent which the individual believes contains <a href=
+           "http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose
+           the information in accordance with <a href=
+           "http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the <abbr title=
+           "World Wide Web Consortium">W3C</abbr> Patent Policy</a>.
+      </p>
+    </section>
     <section id="toc">
       <h2 class="introductory"
           aria-level="1"
@@ -327,13 +377,18 @@
               class="tocxref"><span class="secno">4.</span> Security and privacy considerations</a>
           <ul class="toc">
             <li class="tocline">
+              <a href="#security-considerations-for-api-implementations"
+                  class="tocxref"><span class="secno">4.1</span> Security considerations for <abbr title=
+                  "Application Programming Interface">API</abbr> implementations</a>
+            </li>
+            <li class="tocline">
               <a href="#privacy-considerations-for-api-implementations"
-                  class="tocxref"><span class="secno">4.1</span> Privacy considerations for <abbr title=
+                  class="tocxref"><span class="secno">4.2</span> Privacy considerations for <abbr title=
                   "Application Programming Interface">API</abbr> implementations</a>
             </li>
             <li class="tocline">
               <a href="#additional-api-implementation-considerations"
-                  class="tocxref"><span class="secno">4.2</span> Additional <abbr title=
+                  class="tocxref"><span class="secno">4.3</span> Additional <abbr title=
                   "Application Programming Interface">API</abbr> implementation considerations</a>
             </li>
           </ul>
@@ -484,7 +539,11 @@
         The user agent, having captured all advertised services on the network from the <a href=
         "#dfn-service-discovery-mechanisms"
            class="internalDFN">service discovery mechanisms</a> included in this recommendation, attempts to match the
-           requested service type to a discovered service according to the processing described herein.
+           requested service type to a discovered service according to the processing described herein. Only
+           Local-networked Services that pass a <a href="#dfn-cors-preflight-check"
+           class="internalDFN">CORS preflight check</a> should be made available to web pages by a user agent. A user
+           agent may provide a way for users to white-list non-CORS enabled Local-networked Services but implementation
+           of such a feature is left to the discretion of the implementer.
       </p>
       <p>
         If a service connectivity request is successful then the Web page is provided with a promise-based success
@@ -728,7 +787,7 @@
       </p>
       <p>
         A <dfn id="dfn-user-agent-generated-callback-url">user-agent generated callback url</dfn> is a Local-network
-        accessible <abbr title="Uniform Resource Locator">URL</abbr> endpoint that a <a href="#dfn-user-agent"
+        accessible URL endpoint that a <a href="#dfn-user-agent"
            class="internalDFN">user agent</a> generates and maintains for receiving <abbr title=
            "Hypertext Transfer Protocol">HTTP</abbr> NOTIFY requests from UPnP Event sources. It is only required when
            the user agent implements UPnP Service Discovery as defined in this specification.
@@ -753,6 +812,19 @@
               class="internalDFN">list of active service managers</a>.
         </li>
       </ul>
+      <p>
+        A <dfn id="dfn-network-services-whitelist">network services whitelist</dfn> is a list of zero or more <a href=
+        "#dfn-valid-service-type"
+           class="internalDFN">valid service type</a> tokens that, when matched to a service type discovered in the
+           local network, enables that service to be shared with a web page even if that Local-networked Service does
+           not itself allow Cross-Origin Resource Sharing [<cite><a class="bibref"
+           href="#bib-CORS">CORS</a></cite>]. A <a href="#dfn-user-agent"
+           class="internalDFN">user agent</a> <em class="rfc2119"
+           title="MUST">MUST</em> simulate CORS support for all service interaction in this case. Implementation of
+           this feature is at implementer's discretion. When a <a href="#dfn-user-agent"
+           class="internalDFN">user agent</a> does not implement a <a href="#dfn-network-services-whitelist"
+           class="internalDFN">network services whitelist</a> then it is to treat this as always being an empty list.
+      </p>
     </section>
     <section id="security-and-privacy-considerations">
       <h2 aria-level="1"
@@ -772,11 +844,49 @@
            title="MUST">MUST</em> ensure that no networked service information is retrievable without the user's
            express permission.
       </p>
+      <section id="security-considerations-for-api-implementations">
+        <h3 aria-level="2"
+            role="heading"
+            id="h3_security-considerations-for-api-implementations">
+          <span class="secno">4.1</span> Security considerations for <abbr title=
+          "Application Programming Interface">API</abbr> implementations
+        </h3>
+        <p>
+          A <a href="#dfn-user-agent"
+             class="internalDFN">user agent</a> <em class="rfc2119"
+             title="MUST">MUST</em> allow web pages to connect only with Local-networked Services that have passed a
+             <a href="#dfn-cors-preflight-check"
+             class="internalDFN">CORS preflight check</a> indicating they support Cross-Origin Resource Sharing
+             [<cite><a class="bibref"
+             href="#bib-CORS">CORS</a></cite>] during the <a href="#dfn-service-discovery-mechanisms"
+             class="internalDFN">service discovery mechanisms</a> provided in this specification. In this way, a
+             <a href="#dfn-user-agent"
+             class="internalDFN">user agent</a> <em class="rfc2119"
+             title="MUST NOT">MUST NOT</em> allow web pages to access other arbitrary networked services on the current
+             local network.
+        </p>
+        <p>
+          A <a href="#dfn-user-agent"
+             class="internalDFN">user agent</a> <em class="rfc2119"
+             title="MAY">MAY</em> provide a way for users to enable access to non-CORS enabled Local-networked Services
+             from web pages (i.e. operate a <a href="#dfn-network-services-whitelist"
+             class="internalDFN">network services whitelist</a>). Implementation of such a <a href=
+             "#dfn-network-services-whitelist"
+             class="internalDFN">network services whitelist</a>, if any, is left to an implementer's discretion. Such a
+             whitelist may be configurable by each user at runtime or may be managed by the implementation itself on
+             behalf of its users. In the case that a <a href="#dfn-user-agent"
+             class="internalDFN">user agent</a> provides a <a href="#dfn-network-services-whitelist"
+             class="internalDFN">network services whitelist</a>, it <em class="rfc2119"
+             title="MUST">MUST</em> act as if all URLs for the Local-networked Service corresponding to any previously
+             whitelisted service type had Cross-Origin Resource Sharing [<cite><a class="bibref"
+             href="#bib-CORS">CORS</a></cite>] enabled indefinitely.
+        </p>
+      </section>
       <section id="privacy-considerations-for-api-implementations">
         <h3 aria-level="2"
             role="heading"
             id="h3_privacy-considerations-for-api-implementations">
-          <span class="secno">4.1</span> Privacy considerations for <abbr title=
+          <span class="secno">4.2</span> Privacy considerations for <abbr title=
           "Application Programming Interface">API</abbr> implementations
         </h3>
         <p>
@@ -786,10 +896,9 @@
              permission of the user. A user agent <em class="rfc2119"
              title="MUST">MUST</em> acquire permission through a user interface, unless they have prearranged trust
              relationships with users, as described below. The user interface <em class="rfc2119"
-             title="MUST">MUST</em> include the document base <abbr title="Uniform Resource Locator">URL</abbr>. Those
-             permissions that are acquired through the user interface and that are preserved beyond the current
-             browsing session (i.e. beyond the time when the browsing context is navigated to another <abbr title=
-             "Uniform Resource Locator">URL</abbr>) <em class="rfc2119"
+             title="MUST">MUST</em> include the document base URL. Those permissions that are acquired through the user
+             interface and that are preserved beyond the current browsing session (i.e. beyond the time when the
+             browsing context is navigated to another URL) <em class="rfc2119"
              title="MUST">MUST</em> be revocable and a user agent <em class="rfc2119"
              title="MUST">MUST</em> respect revoked permissions.
         </p>
@@ -817,20 +926,19 @@
         <h3 aria-level="2"
             role="heading"
             id="h3_additional-api-implementation-considerations">
-          <span class="secno">4.2</span> Additional <abbr title="Application Programming Interface">API</abbr>
+          <span class="secno">4.3</span> Additional <abbr title="Application Programming Interface">API</abbr>
           implementation considerations
         </h3>
         <p>
           <em>This section is non-normative.</em>
         </p>
         <p>
-          Further to the requirements listed in the previous section, implementors of the Network Service Discovery
+          Further to the requirements listed in the previous section, implementers of the Network Service Discovery
           <abbr title="Application Programming Interface">API</abbr> are also advised to consider the following aspects
           that can negatively affect the privacy of their users: in certain cases, users can inadvertently grant
           permission to the user agent to disclose networked services to Web sites. In other cases, the content hosted
-          at a certain <abbr title="Uniform Resource Locator">URL</abbr> changes in such a way that previously granted
-          networked service permissions no longer apply as far as the user is concerned. Or the users might simply
-          change their minds.
+          at a certain URL changes in such a way that previously granted networked service permissions no longer apply
+          as far as the user is concerned. Or the users might simply change their minds.
         </p>
         <p>
           Predicting or preventing these situations is inherently difficult. Mitigation and in-depth defensive measures
@@ -1035,21 +1143,8 @@
             permission above - known as the current objects <dfn id="dfn-user-authorized">user-authorized</dfn>
             services.
             </li>
-            <li>Remove all previously whitelisted urls from the <a href="#dfn-entry-script-origin-s-url-whitelist"
-                  class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
-                  whitelist</a> granted in the current <a href=
-                  "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
-                  class="externalDFN">entry script</a>'s <a href=
-                  "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
-                  class="externalDFN">origin</a>.
-            </li>
             <li>For each Object <var>service</var> in <var>services</var>, if any, run the following sub-steps:
               <ol class="rule">
-                <li>Add the <var>service</var>'s <code>url</code> parameter to the <a href=
-                "#dfn-entry-script-origin-s-url-whitelist"
-                      class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
-                      whitelist</a>.
-                </li>
                 <li>If <var>service</var>'s <code>type</code> parameter begins with the DOMString "<code>upnp:</code>"
                 and the <var>service</var>'s <code>eventsUrl</code> parameter is not empty then <a href=
                 "#dfn-setup-a-upnp-events-subscription"
@@ -1096,34 +1191,6 @@
                class="externalDFN">user interaction task source</a>.
           </p>
           <p>
-            When a <a href="#networkservice"><code>NetworkService</code></a> object is provided to a Web page, the
-            <a href="#dfn-user-agent"
-               class="internalDFN">user agent</a> <em class="rfc2119"
-               title="MUST">MUST</em> add its <a href="#dom-networkservice-url"><code>url</code></a> to the <dfn id=
-               "dfn-entry-script-origin-s-url-whitelist">entry script origin's <abbr title=
-               "Uniform Resource Locator">URL</abbr> whitelist</dfn>. This list enables the Web page to override and
-               initiate cross-site resource requests towards these URLs, and any sub-resources of these URLs, within
-               the current <a href=
-               "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
-               class="externalDFN">entry script</a>'s <a href=
-               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
-               class="externalDFN">origin</a> via various existing mechanisms (e.g. Web Sockets, Server-Sent Events,
-               Web Messaging, XMLHttpRequest).
-          </p>
-          <p>
-            If the user navigates away from the <a href=
-            "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
-               class="externalDFN">entry script</a>'s <a href=
-               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
-               class="externalDFN">origin</a> or permission to access a given networked service is revoked at any time
-               by the platform or user then the <a href="#dfn-user-agent"
-               class="internalDFN">user agent</a> <em class="ct"><em class="rfc2119"
-                title="MUST">MUST</em></em> remove its previously whitelisted urls from the <a href=
-                "#dfn-entry-script-origin-s-url-whitelist"
-               class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
-               whitelist</a>.
-          </p>
-          <p>
             There is no implied persistence to networked service sharing provided to a web page. It <em class="rfc2119"
                title="MUST NOT">MUST NOT</em> be possible to access a previously white-listed networked service without
                user authorization in all of the following cases:
@@ -1479,11 +1546,7 @@
           </dt>
           <dd>
             <p>
-              The control <abbr title="Uniform Resource Locator">URL</abbr> endpoint (including any required port
-              information) of the user-selected control service that has been added to the <a href=
-              "#dfn-entry-script-origin-s-url-whitelist"
-                 class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
-                 whitelist</a>.
+              The control URL endpoint (including any required port information) of the user-selected control service.
             </p>
           </dd>
           <dt>
@@ -1513,12 +1576,10 @@
         <p>
           The <dfn id="dom-networkservice-url"><code>url</code></dfn> attribute is an <a href=
           "http://url.spec.whatwg.org/#concept-absolute-url"
-             class="externalDFN">absolute <abbr title="Uniform Resource Locator">URL</abbr></a> pointing to the root
-             <abbr title="Hypertext Transfer Protocol">HTTP</abbr> endpoint for the service that has been added to the
-             <a href="#dfn-entry-script-origin-s-url-whitelist"
-             class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr> whitelist</a>.
-             Web pages can subsequently use this value for implicit cross-document messaging via various existing
-             mechanisms (e.g. Web Sockets, Server-Sent Events, Web Messaging, XMLHttpRequest).
+             class="externalDFN">absolute URL</a> pointing to the root <abbr title=
+             "Hypertext Transfer Protocol">HTTP</abbr> endpoint for the service. Web pages can subsequently use this
+             value for implicit cross-document messaging via various existing mechanisms (e.g. Web Sockets, Server-Sent
+             Events, Web Messaging, XMLHttpRequest).
         </p>
         <p>
           The <dfn id="dom-networkservice-config"><code>config</code></dfn> attribute provides the raw configuration
@@ -1836,6 +1897,49 @@
            class="internalDFN">removing an available service</a>, passing in the expired service record's
            <code>id</code> attribute as the only argument.
       </p>
+      <p>
+        The <dfn id="dfn-cors-preflight-check">CORS preflight check</dfn> algorithm determines whether a
+        Local-networked Service supports Cross-Origin Resource Sharing [<cite><a class="bibref"
+           href="#bib-CORS">CORS</a></cite>] prior to that service being proposed for sharing to users and prior to
+           active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and
+           consists of running the following steps:
+      </p>
+      <ol class="rule">
+        <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
+        "http://www.w3.org/TR/cors/#cross-origin-request-status"
+              class="externalDFN">cross-origin request status</a> [<cite><a class="bibref"
+             href="#bib-CORS">CORS</a></cite>] after performing a <a href=
+             "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
+              class="externalDFN">cross-origin request with preflight</a> [<cite><a class="bibref"
+             href="#bib-CORS">CORS</a></cite>] towards the <var>control endpoint URL</var> with the <a href=
+             "http://www.w3.org/TR/cors/#source-origin"
+              class="externalDFN">source origin</a> [<cite><a class="bibref"
+             href="#bib-CORS">CORS</a></cite>] set to the public IP address of the current machine, terminating this
+             algorithm at Step 2 (when <a href="http://www.w3.org/TR/cors/#cross-origin-request-status"
+              class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
+              prior error has occurred in the algorithm).
+        </li>
+        <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
+        <code>pass</code>. Otherwise, return <code>fail</code>.
+        </li>
+      </ol>
+      <p>
+        User agents <em class="rfc2119"
+           title="SHOULD">SHOULD</em> re-run the <a href="#dfn-cors-preflight-check"
+           class="internalDFN">CORS preflight check</a> algorithm against service endpoint URLs when their <a href=
+           "http://www.w3.org/TR/cors/#cache-max-age"
+           class="externalDFN">max-age</a> [<cite><a class="bibref"
+           href="#bib-CORS">CORS</a></cite>] entry in the <a href="http://www.w3.org/TR/cors/#preflight-result-cache"
+           class="externalDFN">preflight result cache</a> [<cite><a class="bibref"
+           href="#bib-CORS">CORS</a></cite>] exceeds the current time. If this subsequent execution of the <a href=
+           "#dfn-cors-preflight-check"
+           class="internalDFN">CORS preflight check</a> algorithm returns <code>fail</code> then the <a href=
+           "#dfn-user-agent"
+           class="internalDFN">user agent</a> <em class="rfc2119"
+           title="MUST">MUST</em> run the general rule for <a href="#dfn-removing-an-available-service"
+           class="internalDFN">removing an available service</a> passing in the associated <var>network service
+           record</var>'s <code>id</code> attribute as the only argument.
+      </p>
       <section id="zeroconf-mdns-dns-sd">
         <h3 aria-level="2"
             role="heading"
@@ -1879,9 +1983,9 @@
               Instance Name's <var>Service</var> component [<cite><a class="bibref"
                    href="#bib-MDNS">MDNS</a></cite>].
               </li>
-              <li>Set <var>network service record</var>'s <code>url</code> property to the resolvable Service
-              <abbr title="Uniform Resource Locator">URL</abbr> obtained from performing an <abbr title=
-              "Domain Name System">DNS</abbr>-<abbr title="Service Discovery">SD</abbr> Lookup [<cite><a class="bibref"
+              <li>Set <var>network service record</var>'s <code>url</code> property to the resolvable Service URL
+              obtained from performing an <abbr title="Domain Name System">DNS</abbr>-<abbr title=
+              "Service Discovery">SD</abbr> Lookup [<cite><a class="bibref"
                    href="#bib-DNS-SD">DNS-SD</a></cite>] of the current service from the <abbr title=
                    "DNS Pointer Record">PTR</abbr> record provided [<cite><a class="bibref"
                    href="#bib-MDNS">MDNS</a></cite>].
@@ -1895,9 +1999,16 @@
               <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
               current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
               </li>
-              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
+              <li>If the result of running the <a href="#dfn-cors-preflight-check"
+                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
+                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
+                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
+                    "#dfn-network-services-whitelist"
+                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
+                    "#dfn-adding-an-available-service"
                     class="internalDFN">adding an available service</a>, passing in the current <var>network service
-                    record</var> as the only argument.
+                    record</var> as the only argument. Otherwise, discard the current <var>network service
+                    record</var>.
               </li>
             </ol>
           </li>
@@ -1997,11 +2108,10 @@
           <li>The user agent <em class="rfc2119"
                 title="MUST">MUST</em> run the rule for <a href="#dfn-obtaining-a-upnp-device-description-file"
                 class="internalDFN">obtaining a UPnP Device Description File</a> passing in the first occurrence of
-                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor <abbr title=
-                "Uniform Resource Locator">URL</abbr></var> argument and the first occurrence of <var>USN</var> from
-                <var>ssdp device</var> as the <var>device identifier</var> argument and the first occurrence of
-                <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the leading string of
-                <code>max-age=</code>) as the <var>device expiry</var> argument.
+                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor URL</var> argument and
+                the first occurrence of <var>USN</var> from <var>ssdp device</var> as the <var>device identifier</var>
+                argument and the first occurrence of <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the
+                leading string of <code>max-age=</code>) as the <var>device expiry</var> argument.
           </li>
         </ol>
         <p>
@@ -2042,11 +2152,10 @@
           <em class="rfc2119"
                 title="MUST">MUST</em> run the rule for <a href="#dfn-obtaining-a-upnp-device-description-file"
                 class="internalDFN">obtaining a UPnP Device Description File</a> passing in the first occurrence of
-                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor <abbr title=
-                "Uniform Resource Locator">URL</abbr></var> argument and the first occurrence of <var>USN</var> from
-                <var>ssdp device</var> as the <var>device identifier</var> argument and the first occurrence of
-                <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the leading string of
-                <code>max-age=</code>) as the <var>device expiry</var>.<br>
+                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor URL</var> argument and
+                the first occurrence of <var>USN</var> from <var>ssdp device</var> as the <var>device identifier</var>
+                argument and the first occurrence of <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the
+                leading string of <code>max-age=</code>) as the <var>device expiry</var>.<br>
             <br>
             Otherwise, if <var>ssdp device</var>'s <var>NTS</var> entry is equal to <code>ssdp:byebye</code> then the
             user agent <em class="rfc2119"
@@ -2060,23 +2169,20 @@
           The rule for <dfn id="dfn-obtaining-a-upnp-device-description-file">obtaining a UPnP Device Description
           File</dfn> is the process of obtaining the contents of a standard UPnP Device Description [<cite><a class=
           "bibref"
-             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a <abbr title=
-             "Uniform Resource Locator">URL</abbr>-based resource. This rule takes three arguments - <var>device
-             descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>, <var>device identifier</var> and
-             <var>device expiry</var> - and when called the user agent <em class="rfc2119"
+             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a URL-based resource. This rule takes
+             three arguments - <var>device descriptor URL</var>, <var>device identifier</var> and <var>device
+             expiry</var> - and when called the user agent <em class="rfc2119"
              title="MUST">MUST</em> run the following steps:
         </p>
         <ol class="rule">
-          <li>Let <var>device descriptor file</var> contain the contents of the file located at the <abbr title=
-          "Uniform Resource Locator">URL</abbr> provided in <var>device descriptor <abbr title=
-          "Uniform Resource Locator">URL</abbr></var> obtained according to the rules defined in 'Section 2.11:
-          Retrieving a description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class=
-          "bibref"
+          <li>Let <var>device descriptor file</var> contain the contents of the file located at the URL provided in
+          <var>device descriptor URL</var> obtained according to the rules defined in 'Section 2.11: Retrieving a
+          description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class="bibref"
                href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>].
           </li>
-          <li>If the value provided in <var>device descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>
-          cannot be resolved as a reachable <abbr title="Uniform Resource Locator">URL</abbr> on the current network or
-          the <var>device descriptor file</var> remains empty then it is invalid and the <a href="#dfn-user-agent"
+          <li>If the value provided in <var>device descriptor URL</var> cannot be resolved as a reachable URL on the
+          current network or the <var>device descriptor file</var> remains empty then it is invalid and the <a href=
+          "#dfn-user-agent"
                 class="internalDFN">user agent</a> <em class="rfc2119"
                 title="MUST">MUST</em> abort any remaining steps and return.
           </li>
@@ -2142,9 +2248,16 @@
               <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
               current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
               </li>
-              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
+              <li>If the result of running the <a href="#dfn-cors-preflight-check"
+                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
+                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
+                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
+                    "#dfn-network-services-whitelist"
+                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
+                    "#dfn-adding-an-available-service"
                     class="internalDFN">adding an available service</a>, passing in the current <var>network service
-                    record</var> as the only argument.
+                    record</var> as the only argument. Otherwise, discard the current <var>network service
+                    record</var>.
               </li>
             </ol>
           </li>
@@ -2195,16 +2308,15 @@
                 class="internalDFN">user agent</a> <em class="rfc2119"
                 title="MUST">MUST</em> abort these steps.
           </li>
-          <li>Let <var>callback <abbr title="Uniform Resource Locator">URL</abbr></var> be the value of creating a new
-          <a href="#dfn-user-agent-generated-callback-url"
+          <li>Let <var>callback URL</var> be the value of creating a new <a href=
+          "#dfn-user-agent-generated-callback-url"
                 class="internalDFN">user-agent generated callback url</a>.
           </li>
           <li>Send a <abbr title="Hypertext Transfer Protocol">HTTP</abbr> SUBSCRIBE request with a <em>NT</em> header
           with a string value of <code>upnp:event</code>, a <em>TIMEOUT</em> header with a user-agent defined timeout
           value (in the form <code>Second-XX</code> where <code>XX</code> is the user-agent defined timeout value in
-          seconds) and a <em>CALLBACK</em> header with a string value of <var>callback <abbr title=
-          "Uniform Resource Locator">URL</abbr></var> towards the <var>network service record</var>'s
-          <code>eventsUrl</code> property.
+          seconds) and a <em>CALLBACK</em> header with a string value of <var>callback URL</var> towards the
+          <var>network service record</var>'s <code>eventsUrl</code> property.
           </li>
           <li>If a non-200 OK response is received from the <abbr title="Hypertext Transfer Protocol">HTTP</abbr>
           SUBSCRIBE request then the <a href="#dfn-user-agent"
@@ -2252,8 +2364,7 @@
               </li>
               <li>
                 <em>Listen</em>: For each <abbr title="Hypertext Transfer Protocol">HTTP</abbr> NOTIFY request received
-                at the <var>callback <abbr title="Uniform Resource Locator">URL</abbr></var> the <a href=
-                "#dfn-user-agent"
+                at the <var>callback URL</var> the <a href="#dfn-user-agent"
                     class="internalDFN">user agent</a> is to run the following steps:
                 <ol class="rule">
                   <li>Let <var>content clone</var> be the result of obtaining the message body of the <abbr title=
@@ -2384,41 +2495,35 @@
           <li>The user agent <em class="rfc2119"
                 title="MUST">MUST</em> run the rule for <a href="#dfn-obtaining-a-upnp-device-description-file"
                 class="internalDFN">obtaining a UPnP Device Description File</a> passing in the first occurrence of
-                <var>LOCATION</var> from <var>dial device</var> as the <var>device descriptor <abbr title=
-                "Uniform Resource Locator">URL</abbr></var> argument and the first occurrence of <var>USN</var> from
-                <var>dial device</var> as the <var>device identifier</var> argument and the first occurrence of
-                <var>CACHE-CONTROL</var> from <var>dial device</var> (minus the leading string of
-                <code>max-age=</code>) as the <var>device expiry</var> argument.
+                <var>LOCATION</var> from <var>dial device</var> as the <var>device descriptor URL</var> argument and
+                the first occurrence of <var>USN</var> from <var>dial device</var> as the <var>device identifier</var>
+                argument and the first occurrence of <var>CACHE-CONTROL</var> from <var>dial device</var> (minus the
+                leading string of <code>max-age=</code>) as the <var>device expiry</var> argument.
           </li>
         </ol>
         <p>
           The rule for <dfn id="dfn-obtaining-a-dial-device-description-file">obtaining a <abbr title=
           "Discovery and Launch Protocol">DIAL</abbr> Device Description File</dfn> is the process of obtaining the
           contents of a standard UPnP Device Description [<cite><a class="bibref"
-             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a <abbr title=
-             "Uniform Resource Locator">URL</abbr>-based resource. This rule takes three arguments - <var>device
-             descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>, <var>device identifier</var> and
-             <var>device expiry</var> - and when called the user agent <em class="rfc2119"
+             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a URL-based resource. This rule takes
+             three arguments - <var>device descriptor URL</var>, <var>device identifier</var> and <var>device
+             expiry</var> - and when called the user agent <em class="rfc2119"
              title="MUST">MUST</em> run the following steps:
         </p>
         <ol class="rule">
-          <li>Let <var>device descriptor file</var> contain the contents of the file located at the <abbr title=
-          "Uniform Resource Locator">URL</abbr> provided in <var>device descriptor <abbr title=
-          "Uniform Resource Locator">URL</abbr></var> obtained according to the rules defined in 'Section 2.11:
-          Retrieving a description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class=
-          "bibref"
+          <li>Let <var>device descriptor file</var> contain the contents of the file located at the URL provided in
+          <var>device descriptor URL</var> obtained according to the rules defined in 'Section 2.11: Retrieving a
+          description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class="bibref"
                href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>].
           </li>
-          <li>Let <var>application url</var> be the value of the first occurrence of the
-            <code>Application-<abbr title="Uniform Resource Locator">URL</abbr></code> response header field obtained
-            according to the rules defined in 'Section 5.4: Device Description Response' in [<a href=
-            "https://sites.google.com/a/dial-multiscreen.org/dial/dial-protocol-specification"><abbr title=
-            "Discovery and Launch Protocol">DIAL</abbr></a>]
+          <li>Let <var>application url</var> be the value of the first occurrence of the <code>Application-URL</code>
+          response header field obtained according to the rules defined in 'Section 5.4: Device Description Response'
+          in [<a href="https://sites.google.com/a/dial-multiscreen.org/dial/dial-protocol-specification"><abbr title=
+          "Discovery and Launch Protocol">DIAL</abbr></a>]
           </li>
-          <li>If the value provided in <var>device descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>
-          cannot be resolved as a reachable <abbr title="Uniform Resource Locator">URL</abbr> on the current network or
-          the <var>device descriptor file</var> remains empty or <var>application url</var> is undefined then it is
-          invalid and the <a href="#dfn-user-agent"
+          <li>If the value provided in <var>device descriptor URL</var> cannot be resolved as a reachable URL on the
+          current network or the <var>device descriptor file</var> remains empty or <var>application url</var> is
+          undefined then it is invalid and the <a href="#dfn-user-agent"
                 class="internalDFN">user agent</a> <em class="rfc2119"
                 title="MUST">MUST</em> abort any remaining steps and return.
           </li>
@@ -2447,9 +2552,16 @@
               <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
               current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
               </li>
-              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
+              <li>If the result of running the <a href="#dfn-cors-preflight-check"
+                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
+                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
+                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
+                    "#dfn-network-services-whitelist"
+                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
+                    "#dfn-adding-an-available-service"
                     class="internalDFN">adding an available service</a>, passing in the current <var>network service
-                    record</var> as the only argument.
+                    record</var> as the only argument. Otherwise, discard the current <var>network service
+                    record</var>.
               </li>
             </ol>
           </li>
@@ -2621,10 +2733,7 @@
            class="externalDFN"><code>Document</code></a> object goes away), the <a href="#dfn-user-agent"
            class="internalDFN">user agent</a> <em class="rfc2119"
            title="MUST">MUST</em> remove this object from the <a href="#dfn-list-of-active-service-managers"
-           class="internalDFN">list of active service managers</a> and remove the <a href=
-           "#dom-networkservice-url"><code>url</code></a> of each of its <a href="#dfn-indexed-properties-1"
-           class="internalDFN">indexed properties</a> from the <a href="#dfn-entry-script-origin-s-url-whitelist"
-           class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr> whitelist</a>.
+           class="internalDFN">list of active service managers</a>.
       </p>
     </section>
     <section id="use-cases-and-requirements">
@@ -2801,11 +2910,9 @@
 "str">"POST"</span><span class="pun">,</span><span class="pln"> services</span><span class="pun">[</span><span class=
 "lit">0</span><span class="pun">].</span><span class="pln">url </span><span class="pun">+</span><span class=
 "pln"> </span><span class="str">"/getAlbums"</span><span class="pun">);</span><span class="pln"> </span><span class=
-"com">// services[0].url and its sub-resources have been</span><span class="pln">
+"com">// services[0].url and its sub-resources are</span><span class="pln">
                                                         </span><span class=
-"com">// whitelisted for cross-site XHR use in this</span><span class="pln">
-                                                        </span><span class=
-"com">// current browsing context.</span><span class="pln">
+"com">// available for cross-site XHR use.</span><span class="pln">
 
    svcXhr</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class=
 "pun">(</span><span class="str">'Content-Type'</span><span class="pun">,</span><span class="pln"> </span><span class=
@@ -3067,12 +3174,9 @@
     svcXhr</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class=
 "str">"POST"</span><span class="pun">,</span><span class="pln"> services</span><span class="pun">[</span><span class=
 "lit">0</span><span class="pun">].</span><span class="pln">url</span><span class="pun">);</span><span class=
-"pln"> </span><span class="com">// services[0].url and its</span><span class="pln">
+"pln"> </span><span class="com">// services[0].url and its sub-resources are</span><span class="pln">
                                           </span><span class=
-"com">// sub-resources have been whitelisted for</span><span class="pln">
-                                          </span><span class=
-"com">// cross-site XHR use in this current</span><span class="pln">
-                                          </span><span class="com">// browsing context.</span><span class="pln">
+"com">// available for cross-site XHR use.</span><span class="pln">
 
     svcXhr</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class=
 "pun">(</span><span class="str">'SOAPAction'</span><span class="pun">,</span><span class="pln"> </span><span class=
@@ -3197,6 +3301,14 @@
         </h3>
         <dl class="bibliography"
             about="">
+          <dt id="bib-CORS">
+            [CORS]
+          </dt>
+          <dd rel="dcterms:requires">
+            Anne van Kesteren. <a href="http://www.w3.org/TR/cors/"><cite>Cross-Origin Resource Sharing</cite></a>. 29
+            January 2013. W3C Candidate Recommendation. URL: <a href=
+            "http://www.w3.org/TR/cors/">http://www.w3.org/TR/cors/</a>
+          </dd>
           <dt id="bib-DNS-SD">
             [DNS-SD]
           </dt>
--- a/discovery-api/Overview.src.html	Sat Sep 28 11:13:44 2013 -0400
+++ b/discovery-api/Overview.src.html	Mon Oct 07 14:07:57 2013 +1100
@@ -143,7 +143,10 @@
       <p>
         The user agent, having captured all advertised services on the network from the <a>service discovery
         mechanisms</a> included in this recommendation, attempts to match the requested service type to a discovered
-        service according to the processing described herein.
+        service according to the processing described herein. Only Local-networked Services that pass a <a>CORS
+        preflight check</a> should be made available to web pages by a user agent. A user agent may provide a way for
+        users to white-list non-CORS enabled Local-networked Services but implementation of such a feature is left to
+        the discretion of the implementer.
       </p>
       <p>
         If a service connectivity request is successful then the Web page is provided with a promise-based success
@@ -327,6 +330,14 @@
         managers</a>.
         </li>
       </ul>
+      <p>
+        A <dfn>network services whitelist</dfn> is a list of zero or more <a>valid service type</a> tokens that, when
+        matched to a service type discovered in the local network, enables that service to be shared with a web page
+        even if that Local-networked Service does not itself allow Cross-Origin Resource Sharing [[!CORS]]. A <a>user
+        agent</a> MUST simulate CORS support for all service interaction in this case. Implementation of this feature
+        is at implementer's discretion. When a <a>user agent</a> does not implement a <a>network services whitelist</a>
+        then it is to treat this as always being an empty list.
+      </p>
     </section>
     <section>
       <h2>
@@ -342,6 +353,26 @@
       </p>
       <section>
         <h3>
+          Security considerations for API implementations
+        </h3>
+        <p>
+          A <a>user agent</a> MUST allow web pages to connect only with Local-networked Services that have passed a
+          <a>CORS preflight check</a> indicating they support Cross-Origin Resource Sharing [[!CORS]] during the
+          <a>service discovery mechanisms</a> provided in this specification. In this way, a <a>user agent</a> MUST NOT
+          allow web pages to access other arbitrary networked services on the current local network.
+        </p>
+        <p>
+          A <a>user agent</a> MAY provide a way for users to enable access to non-CORS enabled Local-networked Services
+          from web pages (i.e. operate a <a>network services whitelist</a>). Implementation of such a <a>network
+          services whitelist</a>, if any, is left to an implementer's discretion. Such a whitelist may be configurable
+          by each user at runtime or may be managed by the implementation itself on behalf of its users. In the case
+          that a <a>user agent</a> provides a <a>network services whitelist</a>, it MUST act as if all URLs for the
+          Local-networked Service corresponding to any previously whitelisted service type had Cross-Origin Resource
+          Sharing [[!CORS]] enabled indefinitely.
+        </p>
+      </section>
+      <section>
+        <h3>
           Privacy considerations for API implementations
         </h3>
         <p>
@@ -373,7 +404,7 @@
           Additional API implementation considerations
         </h3>
         <p>
-          Further to the requirements listed in the previous section, implementors of the Network Service Discovery API
+          Further to the requirements listed in the previous section, implementers of the Network Service Discovery API
           are also advised to consider the following aspects that can negatively affect the privacy of their users: in
           certain cases, users can inadvertently grant permission to the user agent to disclose networked services to
           Web sites. In other cases, the content hosted at a certain URL changes in such a way that previously granted
@@ -558,17 +589,8 @@
             or more <a href="#networkservice"><code>NetworkService</code></a> objects for which the user granted
             permission above - known as the current objects <dfn>user-authorized</dfn> services.
             </li>
-            <li>Remove all previously whitelisted urls from the <a>entry script origin's URL whitelist</a> granted in
-            the current <a href="http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
-                  class="externalDFN">entry script</a>'s <a href=
-                  "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
-                  class="externalDFN">origin</a>.
-            </li>
             <li>For each Object <var>service</var> in <var>services</var>, if any, run the following sub-steps:
               <ol class="rule">
-                <li>Add the <var>service</var>'s <code>url</code> parameter to the <a>entry script origin's
-                  <abbr title="Uniform Resource Locator">URL</abbr> whitelist</a>.
-                </li>
                 <li>If <var>service</var>'s <code>type</code> parameter begins with the DOMString "<code>upnp:</code>"
                 and the <var>service</var>'s <code>eventsUrl</code> parameter is not empty then <a>setup a UPnP Events
                 Subscription</a> for <var>service</var>.
@@ -609,26 +631,6 @@
                class="externalDFN">user interaction task source</a>.
           </p>
           <p>
-            When a <a href="#networkservice"><code>NetworkService</code></a> object is provided to a Web page, the
-            <a>user agent</a> MUST add its <a href="#dom-networkservice-url"><code>url</code></a> to the <dfn>entry
-            script origin's URL whitelist</dfn>. This list enables the Web page to override and initiate cross-site
-            resource requests towards these URLs, and any sub-resources of these URLs, within the current <a href=
-            "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
-               class="externalDFN">entry script</a>'s <a href=
-               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
-               class="externalDFN">origin</a> via various existing mechanisms (e.g. Web Sockets, Server-Sent Events,
-               Web Messaging, XMLHttpRequest).
-          </p>
-          <p>
-            If the user navigates away from the <a href=
-            "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
-               class="externalDFN">entry script</a>'s <a href=
-               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
-               class="externalDFN">origin</a> or permission to access a given networked service is revoked at any time
-               by the platform or user then the <a>user agent</a> <em class="ct">MUST</em> remove its previously
-               whitelisted urls from the <a>entry script origin's URL whitelist</a>.
-          </p>
-          <p>
             There is no implied persistence to networked service sharing provided to a web page. It MUST NOT be
             possible to access a previously white-listed networked service without user authorization in all of the
             following cases:
@@ -942,8 +944,7 @@
           </dt>
           <dd>
             <p>
-              The control URL endpoint (including any required port information) of the user-selected control service
-              that has been added to the <a>entry script origin's URL whitelist</a>.
+              The control URL endpoint (including any required port information) of the user-selected control service.
             </p>
           </dd>
           <dt>
@@ -972,10 +973,9 @@
         <p>
           The <dfn id="dom-networkservice-url"><code>url</code></dfn> attribute is an <a href=
           "http://url.spec.whatwg.org/#concept-absolute-url"
-             class="externalDFN">absolute URL</a> pointing to the root HTTP endpoint for the service that has been
-             added to the <a>entry script origin's URL whitelist</a>. Web pages can subsequently use this value for
-             implicit cross-document messaging via various existing mechanisms (e.g. Web Sockets, Server-Sent Events,
-             Web Messaging, XMLHttpRequest).
+             class="externalDFN">absolute URL</a> pointing to the root HTTP endpoint for the service. Web pages can
+             subsequently use this value for implicit cross-document messaging via various existing mechanisms (e.g.
+             Web Sockets, Server-Sent Events, Web Messaging, XMLHttpRequest).
         </p>
         <p>
           The <dfn id="dom-networkservice-config"><code>config</code></dfn> attribute provides the raw configuration
@@ -1248,6 +1248,39 @@
         <a>user agent</a> SHOULD run the rule for <a>removing an available service</a>, passing in the expired service
         record's <code>id</code> attribute as the only argument.
       </p>
+      <p>
+        The <dfn>CORS preflight check</dfn> algorithm determines whether a Local-networked Service supports
+        Cross-Origin Resource Sharing [[!CORS]] prior to that service being proposed for sharing to users and prior to
+        active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and consists
+        of running the following steps:
+      </p>
+      <ol class="rule">
+        <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
+        "http://www.w3.org/TR/cors/#cross-origin-request-status"
+              class="externalDFN">cross-origin request status</a> [[!CORS]] after performing a <a href=
+              "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
+              class="externalDFN">cross-origin request with preflight</a> [[!CORS]] towards the <var>control endpoint
+              URL</var> with the <a href="http://www.w3.org/TR/cors/#source-origin"
+              class="externalDFN">source origin</a> [[!CORS]] set to the public IP address of the current machine,
+              terminating this algorithm at Step 2 (when <a href=
+              "http://www.w3.org/TR/cors/#cross-origin-request-status"
+              class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
+              prior error has occurred in the algorithm).
+        </li>
+        <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
+        <code>pass</code>. Otherwise, return <code>fail</code>.
+        </li>
+      </ol>
+      <p>
+        User agents SHOULD re-run the <a>CORS preflight check</a> algorithm against service endpoint URLs when their
+        <a href="http://www.w3.org/TR/cors/#cache-max-age"
+           class="externalDFN">max-age</a> [[!CORS]] entry in the <a href=
+           "http://www.w3.org/TR/cors/#preflight-result-cache"
+           class="externalDFN">preflight result cache</a> [[!CORS]] exceeds the current time. If this subsequent
+           execution of the <a>CORS preflight check</a> algorithm returns <code>fail</code> then the <a>user agent</a>
+           MUST run the general rule for <a>removing an available service</a> passing in the associated <var>network
+           service record</var>'s <code>id</code> attribute as the only argument.
+      </p>
       <section>
         <h4>
           Zeroconf (<abbr title="Multicast DNS">mDNS</abbr> + <abbr title="Domain Name System">DNS</abbr>-<abbr title=
@@ -1290,8 +1323,12 @@
               <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
               current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
               </li>
-              <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
-              service record</var> as the only argument.
+              <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
+              the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
+              current <var>network service record</var>'s <code>type</code> property is present in the <a>network
+              services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
+              current <var>network service record</var> as the only argument. Otherwise, discard the current
+              <var>network service record</var>.
               </li>
             </ol>
           </li>
@@ -1456,8 +1493,12 @@
               <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
               current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
               </li>
-              <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
-              service record</var> as the only argument.
+              <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
+              the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
+              current <var>network service record</var>'s <code>type</code> property is present in the <a>network
+              services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
+              current <var>network service record</var> as the only argument. Otherwise, discard the current
+              <var>network service record</var>.
               </li>
             </ol>
           </li>
@@ -1679,8 +1720,12 @@
               <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
               current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
               </li>
-              <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
-              service record</var> as the only argument.
+              <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
+              the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
+              current <var>network service record</var>'s <code>type</code> property is present in the <a>network
+              services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
+              current <var>network service record</var> as the only argument. Otherwise, discard the current
+              <var>network service record</var>.
               </li>
             </ol>
           </li>
@@ -1813,9 +1858,7 @@
         If a <a>user agent</a> is to <dfn>make disappear</dfn> a <a><code>NetworkServices</code></a> object (this
         happens when a <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#document"
            class="externalDFN"><code>Document</code></a> object goes away), the <a>user agent</a> MUST remove this
-           object from the <a>list of active service managers</a> and remove the <a href=
-           "#dom-networkservice-url"><code>url</code></a> of each of its <a>indexed properties</a> from the <a>entry
-           script origin's URL whitelist</a>.
+           object from the <a>list of active service managers</a>.
       </p>
     </section>
     <section>
@@ -1943,9 +1986,8 @@
 // Send a service message to get albums list (and process the service response)
 
    var svcXhr = new XMLHttpRequest();
-   svcXhr.open("POST", services[0].url + "/getAlbums"); // services[0].url and its sub-resources have been
-                                                        // whitelisted for cross-site XHR use in this
-                                                        // current browsing context.
+   svcXhr.open("POST", services[0].url + "/getAlbums"); // services[0].url and its sub-resources are
+                                                        // available for cross-site XHR use.
 
    svcXhr.setRequestHeader('Content-Type', 'application/json-rpc');
 
@@ -2053,10 +2095,8 @@
  // Send a control signal to mute the service audio
 
     var svcXhr = new XMLHttpRequest();
-    svcXhr.open("POST", services[0].url); // services[0].url and its
-                                          // sub-resources have been whitelisted for
-                                          // cross-site XHR use in this current
-                                          // browsing context.
+    svcXhr.open("POST", services[0].url); // services[0].url and its sub-resources are
+                                          // available for cross-site XHR use.
 
     svcXhr.setRequestHeader('SOAPAction', 'urn:schemas-upnp-org:service:RenderingControl:1#SetMute');
     svcXhr.setRequestHeader('Content-Type', 'text/xml; charset="utf-8";');