Add CORS as the primary network service opt-in mechanism for the NSD API specification
authorRich Tibbett <richt@opera.com>
Mon, 07 Oct 2013 14:07:57 +1100
changeset 480f3ea6558ffe1
parent 479 8e660ae0694c
child 481 674b477d1ee5
Add CORS as the primary network service opt-in mechanism for the NSD API specification
discovery-api/Overview.html
discovery-api/Overview.src.html
     1.1 --- a/discovery-api/Overview.html	Sat Sep 28 11:13:44 2013 -0400
     1.2 +++ b/discovery-api/Overview.html	Mon Oct 07 14:07:57 2013 +1100
     1.3 @@ -205,6 +205,7 @@
     1.4            href="https://www.w3.org/StyleSheets/TR/W3C-ED">
     1.5    </head>
     1.6    <body class="h-entry"
     1.7 +        style=""
     1.8          role="document"
     1.9          id="respecDocument">
    1.10      <div class="head"
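Review bot: the added `style=""` on the `<body>` element is an empty attribute that carries no information and looks like ReSpec generator residue; drop it from the committed Overview.html (or fix the generator configuration so it is not emitted), since it will otherwise reappear as noise in every future diff of this file.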
    1.11 @@ -223,10 +224,10 @@
    1.12        </h1>
    1.13        <h2 property="dcterms:issued"
    1.14            datatype="xsd:dateTime"
    1.15 -          content="2013-09-05T11:58:47.000Z"
    1.16 -          id="w3c-editor-s-draft-05-september-2013">
    1.17 +          content="2013-10-06T16:06:07.000Z"
    1.18 +          id="w3c-editor-s-draft-07-october-2013">
    1.19          <abbr title="World Wide Web Consortium">W3C</abbr> Editor's Draft <time class="dt-published"
    1.20 -            datetime="2013-09-05">05 September 2013</time>
    1.21 +            datetime="2013-10-07">07 October 2013</time>
    1.22        </h2>
    1.23        <dl>
    1.24          <dt>
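Review bot: the machine-readable issue date and the visible date disagree by a day: `content="2013-10-06T16:06:07.000Z"` versus `datetime="2013-10-07">07 October 2013`. If the dcterms:issued value is meant to be UTC while the displayed date is local time (+1100), pick one convention and regenerate so both carry the same calendar date; consumers of the metadata will otherwise record a different publication date from readers of the page.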
    1.25 @@ -294,6 +295,55 @@
    1.26          within the current network.
    1.27        </p>
    1.28      </section>
    1.29 +    <section id="sotd"
    1.30 +             class="introductory"
    1.31 +             typeof="bibo:Chapter"
    1.32 +             resource="#sotd"
    1.33 +             rel="bibo:chapter">
    1.34 +      <h2 aria-level="1"
    1.35 +          role="heading"
    1.36 +          id="h2_sotd">
    1.37 +        Status of This Document
    1.38 +      </h2>
    1.39 +      <p>
    1.40 +        <em>This section describes the status of this document at the time of its publication. Other documents may
    1.41 +        supersede this document. A list of current <abbr title="World Wide Web Consortium">W3C</abbr> publications and
    1.42 +        the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/"><abbr title=
    1.43 +        "World Wide Web Consortium">W3C</abbr> technical reports index</a> at http://www.w3.org/TR/.</em>
    1.44 +      </p>
    1.45 +      <p>
    1.46 +        This document represents the early consensus of the group on the scope and features of the proposed
    1.47 +        <abbr title="Application Programming Interface">API</abbr>.
    1.48 +      </p>
    1.49 +      <p>
    1.50 +        This document was published by the <a href="http://www.w3.org/2009/dap/">Device APIs Working Group</a> as an
    1.51 +        Editor's Draft. If you wish to make comments regarding this document, please send them to <a href=
    1.52 +        "mailto:public-device-apis@w3.org">public-device-apis@w3.org</a> (<a href=
    1.53 +        "mailto:public-device-apis-request@w3.org?subject=subscribe">subscribe</a>, <a href=
    1.54 +        "http://lists.w3.org/Archives/Public/public-device-apis/">archives</a>). All comments are welcome.
    1.55 +      </p>
    1.56 +      <p>
    1.57 +        Publication as an Editor's Draft does not imply endorsement by the <abbr title=
    1.58 +        "World Wide Web Consortium">W3C</abbr> Membership. This is a draft document and may be updated, replaced or
    1.59 +        obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in
    1.60 +        progress.
    1.61 +      </p>
    1.62 +      <p>
    1.63 +        This document was produced by a group operating under the <a id="sotd_patent"
    1.64 +           about=""
    1.65 +           rel="w3p:patentRules"
    1.66 +           href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <abbr title=
    1.67 +           "World Wide Web Consortium">W3C</abbr> Patent Policy</a>. <abbr title="World Wide Web Consortium">W3C</abbr>
    1.68 +           maintains a <a href="http://www.w3.org/2004/01/pp-impl/43696/status"
    1.69 +           rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the
    1.70 +           group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge
    1.71 +           of a patent which the individual believes contains <a href=
    1.72 +           "http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose
    1.73 +           the information in accordance with <a href=
    1.74 +           "http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the <abbr title=
    1.75 +           "World Wide Web Consortium">W3C</abbr> Patent Policy</a>.
    1.76 +      </p>
    1.77 +    </section>
    1.78      <section id="toc">
    1.79        <h2 class="introductory"
    1.80            aria-level="1"
    1.81 @@ -327,13 +377,18 @@
    1.82                class="tocxref"><span class="secno">4.</span> Security and privacy considerations</a>
    1.83            <ul class="toc">
    1.84              <li class="tocline">
    1.85 +              <a href="#security-considerations-for-api-implementations"
    1.86 +                  class="tocxref"><span class="secno">4.1</span> Security considerations for <abbr title=
    1.87 +                  "Application Programming Interface">API</abbr> implementations</a>
    1.88 +            </li>
    1.89 +            <li class="tocline">
    1.90                <a href="#privacy-considerations-for-api-implementations"
    1.91 -                  class="tocxref"><span class="secno">4.1</span> Privacy considerations for <abbr title=
    1.92 +                  class="tocxref"><span class="secno">4.2</span> Privacy considerations for <abbr title=
    1.93                    "Application Programming Interface">API</abbr> implementations</a>
    1.94              </li>
    1.95              <li class="tocline">
    1.96                <a href="#additional-api-implementation-considerations"
    1.97 -                  class="tocxref"><span class="secno">4.2</span> Additional <abbr title=
    1.98 +                  class="tocxref"><span class="secno">4.3</span> Additional <abbr title=
    1.99                    "Application Programming Interface">API</abbr> implementation considerations</a>
   1.100              </li>
   1.101            </ul>
   1.102 @@ -484,7 +539,11 @@
   1.103          The user agent, having captured all advertised services on the network from the <a href=
   1.104          "#dfn-service-discovery-mechanisms"
   1.105             class="internalDFN">service discovery mechanisms</a> included in this recommendation, attempts to match the
   1.106 -           requested service type to a discovered service according to the processing described herein.
   1.107 +           requested service type to a discovered service according to the processing described herein. Only
   1.108 +           Local-networked Services that pass a <a href="#dfn-cors-preflight-check"
   1.109 +           class="internalDFN">CORS preflight check</a> should be made available to web pages by a user agent. A user
   1.110 +           agent may provide a way for users to white-list non-CORS enabled Local-networked Services but implementation
   1.111 +           of such a feature is left to the discretion of the implementer.
   1.112        </p>
   1.113        <p>
   1.114          If a service connectivity request is successful then the Web page is provided with a promise-based success
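Review bot: the new sentence uses a lowercase "should" ("Only Local-networked Services that pass a CORS preflight check should be made available to web pages") while section 4.1 in this same patch states the requirement as a MUST; either mark it with the `<em class="rfc2119">` form used elsewhere or reword it as a non-normative summary that points at section 4.1. The same sentence says "white-list non-CORS enabled Local-networked Services" where the patch later defines the term "network services whitelist"; link to that definition instead of re-describing the feature in different words.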
   1.115 @@ -728,7 +787,7 @@
   1.116        </p>
   1.117        <p>
   1.118          A <dfn id="dfn-user-agent-generated-callback-url">user-agent generated callback url</dfn> is a Local-network
   1.119 -        accessible <abbr title="Uniform Resource Locator">URL</abbr> endpoint that a <a href="#dfn-user-agent"
   1.120 +        accessible URL endpoint that a <a href="#dfn-user-agent"
   1.121             class="internalDFN">user agent</a> generates and maintains for receiving <abbr title=
   1.122             "Hypertext Transfer Protocol">HTTP</abbr> NOTIFY requests from UPnP Event sources. It is only required when
   1.123             the user agent implements UPnP Service Discovery as defined in this specification.
   1.124 @@ -753,6 +812,19 @@
   1.125                class="internalDFN">list of active service managers</a>.
   1.126          </li>
   1.127        </ul>
   1.128 +      <p>
   1.129 +        A <dfn id="dfn-network-services-whitelist">network services whitelist</dfn> is a list of zero or more <a href=
   1.130 +        "#dfn-valid-service-type"
   1.131 +           class="internalDFN">valid service type</a> tokens that, when matched to a service type discovered in the
   1.132 +           local network, enables that service to be shared with a web page even if that Local-networked Service does
   1.133 +           not itself allow Cross-Origin Resource Sharing [<cite><a class="bibref"
   1.134 +           href="#bib-CORS">CORS</a></cite>]. A <a href="#dfn-user-agent"
   1.135 +           class="internalDFN">user agent</a> <em class="rfc2119"
   1.136 +           title="MUST">MUST</em> simulate CORS support for all service interaction in this case. Implementation of
   1.137 +           this feature is at implementer's discretion. When a <a href="#dfn-user-agent"
   1.138 +           class="internalDFN">user agent</a> does not implement a <a href="#dfn-network-services-whitelist"
   1.139 +           class="internalDFN">network services whitelist</a> then it is to treat this as always being an empty list.
   1.140 +      </p>
   1.141      </section>
   1.142      <section id="security-and-privacy-considerations">
   1.143        <h2 aria-level="1"
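Review bot: the whitelist is keyed on service type tokens rather than on a particular service, so once a type is whitelisted every service discovered on the local network that advertises that type has CORS simulated for it, including services that appear later; say this consequence explicitly here and reference it from section 4.1, since it is the main thing an implementer must weigh before offering the feature. Minor wording: "at implementer's discretion" should read "at the implementer's discretion", and "then it is to treat this as always being an empty list" reads better as "it MUST treat the network services whitelist as an empty list".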
   1.144 @@ -772,11 +844,49 @@
   1.145             title="MUST">MUST</em> ensure that no networked service information is retrievable without the user's
   1.146             express permission.
   1.147        </p>
   1.148 +      <section id="security-considerations-for-api-implementations">
   1.149 +        <h3 aria-level="2"
   1.150 +            role="heading"
   1.151 +            id="h3_security-considerations-for-api-implementations">
   1.152 +          <span class="secno">4.1</span> Security considerations for <abbr title=
   1.153 +          "Application Programming Interface">API</abbr> implementations
   1.154 +        </h3>
   1.155 +        <p>
   1.156 +          A <a href="#dfn-user-agent"
   1.157 +             class="internalDFN">user agent</a> <em class="rfc2119"
   1.158 +             title="MUST">MUST</em> allow web pages to connect only with Local-networked Services that have passed a
   1.159 +             <a href="#dfn-cors-preflight-check"
   1.160 +             class="internalDFN">CORS preflight check</a> indicating they support Cross-Origin Resource Sharing
   1.161 +             [<cite><a class="bibref"
   1.162 +             href="#bib-CORS">CORS</a></cite>] during the <a href="#dfn-service-discovery-mechanisms"
   1.163 +             class="internalDFN">service discovery mechanisms</a> provided in this specification. In this way, a
   1.164 +             <a href="#dfn-user-agent"
   1.165 +             class="internalDFN">user agent</a> <em class="rfc2119"
   1.166 +             title="MUST NOT">MUST NOT</em> allow web pages to access other arbitrary networked services on the current
   1.167 +             local network.
   1.168 +        </p>
   1.169 +        <p>
   1.170 +          A <a href="#dfn-user-agent"
   1.171 +             class="internalDFN">user agent</a> <em class="rfc2119"
   1.172 +             title="MAY">MAY</em> provide a way for users to enable access to non-CORS enabled Local-networked Services
   1.173 +             from web pages (i.e. operate a <a href="#dfn-network-services-whitelist"
   1.174 +             class="internalDFN">network services whitelist</a>). Implementation of such a <a href=
   1.175 +             "#dfn-network-services-whitelist"
   1.176 +             class="internalDFN">network services whitelist</a>, if any, is left to an implementer's discretion. Such a
   1.177 +             whitelist may be configurable by each user at runtime or may be managed by the implementation itself on
   1.178 +             behalf of its users. In the case that a <a href="#dfn-user-agent"
   1.179 +             class="internalDFN">user agent</a> provides a <a href="#dfn-network-services-whitelist"
   1.180 +             class="internalDFN">network services whitelist</a>, it <em class="rfc2119"
   1.181 +             title="MUST">MUST</em> act as if all URLs for the Local-networked Service corresponding to any previously
   1.182 +             whitelisted service type had Cross-Origin Resource Sharing [<cite><a class="bibref"
   1.183 +             href="#bib-CORS">CORS</a></cite>] enabled indefinitely.
   1.184 +        </p>
   1.185 +      </section>
   1.186        <section id="privacy-considerations-for-api-implementations">
   1.187          <h3 aria-level="2"
   1.188              role="heading"
   1.189              id="h3_privacy-considerations-for-api-implementations">
   1.190 -          <span class="secno">4.1</span> Privacy considerations for <abbr title=
   1.191 +          <span class="secno">4.2</span> Privacy considerations for <abbr title=
   1.192            "Application Programming Interface">API</abbr> implementations
   1.193          </h3>
   1.194          <p>
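Review bot: the second paragraph requires that URLs of whitelisted service types be treated as CORS-enabled "indefinitely", which sits uneasily beside section 4.2's requirement that persisted permissions MUST be revocable and that revoked permissions MUST be respected; clarify that "indefinitely" means for as long as the service type remains on the whitelist, and that removing an entry (whether by the user at runtime or by the implementation) ends the simulated CORS treatment. Also, "that have passed a CORS preflight check ... during the service discovery mechanisms provided in this specification" is awkward; "as part of the service discovery mechanisms" or "at discovery time" reads better.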
   1.195 @@ -786,10 +896,9 @@
   1.196               permission of the user. A user agent <em class="rfc2119"
   1.197               title="MUST">MUST</em> acquire permission through a user interface, unless they have prearranged trust
   1.198               relationships with users, as described below. The user interface <em class="rfc2119"
   1.199 -             title="MUST">MUST</em> include the document base <abbr title="Uniform Resource Locator">URL</abbr>. Those
   1.200 -             permissions that are acquired through the user interface and that are preserved beyond the current
   1.201 -             browsing session (i.e. beyond the time when the browsing context is navigated to another <abbr title=
   1.202 -             "Uniform Resource Locator">URL</abbr>) <em class="rfc2119"
   1.203 +             title="MUST">MUST</em> include the document base URL. Those permissions that are acquired through the user
   1.204 +             interface and that are preserved beyond the current browsing session (i.e. beyond the time when the
   1.205 +             browsing context is navigated to another URL) <em class="rfc2119"
   1.206               title="MUST">MUST</em> be revocable and a user agent <em class="rfc2119"
   1.207               title="MUST">MUST</em> respect revoked permissions.
   1.208          </p>
   1.209 @@ -817,20 +926,19 @@
   1.210          <h3 aria-level="2"
   1.211              role="heading"
   1.212              id="h3_additional-api-implementation-considerations">
   1.213 -          <span class="secno">4.2</span> Additional <abbr title="Application Programming Interface">API</abbr>
   1.214 +          <span class="secno">4.3</span> Additional <abbr title="Application Programming Interface">API</abbr>
   1.215            implementation considerations
   1.216          </h3>
   1.217          <p>
   1.218            <em>This section is non-normative.</em>
   1.219          </p>
   1.220          <p>
   1.221 -          Further to the requirements listed in the previous section, implementors of the Network Service Discovery
   1.222 +          Further to the requirements listed in the previous section, implementers of the Network Service Discovery
   1.223            <abbr title="Application Programming Interface">API</abbr> are also advised to consider the following aspects
   1.224            that can negatively affect the privacy of their users: in certain cases, users can inadvertently grant
   1.225            permission to the user agent to disclose networked services to Web sites. In other cases, the content hosted
   1.226 -          at a certain <abbr title="Uniform Resource Locator">URL</abbr> changes in such a way that previously granted
   1.227 -          networked service permissions no longer apply as far as the user is concerned. Or the users might simply
   1.228 -          change their minds.
   1.229 +          at a certain URL changes in such a way that previously granted networked service permissions no longer apply
   1.230 +          as far as the user is concerned. Or the users might simply change their minds.
   1.231          </p>
   1.232          <p>
   1.233            Predicting or preventing these situations is inherently difficult. Mitigation and in-depth defensive measures
   1.234 @@ -1035,21 +1143,8 @@
   1.235              permission above - known as the current objects <dfn id="dfn-user-authorized">user-authorized</dfn>
   1.236              services.
   1.237              </li>
   1.238 -            <li>Remove all previously whitelisted urls from the <a href="#dfn-entry-script-origin-s-url-whitelist"
   1.239 -                  class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
   1.240 -                  whitelist</a> granted in the current <a href=
   1.241 -                  "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
   1.242 -                  class="externalDFN">entry script</a>'s <a href=
   1.243 -                  "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
   1.244 -                  class="externalDFN">origin</a>.
   1.245 -            </li>
   1.246              <li>For each Object <var>service</var> in <var>services</var>, if any, run the following sub-steps:
   1.247                <ol class="rule">
   1.248 -                <li>Add the <var>service</var>'s <code>url</code> parameter to the <a href=
   1.249 -                "#dfn-entry-script-origin-s-url-whitelist"
   1.250 -                      class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
   1.251 -                      whitelist</a>.
   1.252 -                </li>
   1.253                  <li>If <var>service</var>'s <code>type</code> parameter begins with the DOMString "<code>upnp:</code>"
   1.254                  and the <var>service</var>'s <code>eventsUrl</code> parameter is not empty then <a href=
   1.255                  "#dfn-setup-a-upnp-events-subscription"
   1.256 @@ -1096,34 +1191,6 @@
   1.257                 class="externalDFN">user interaction task source</a>.
   1.258            </p>
   1.259            <p>
   1.260 -            When a <a href="#networkservice"><code>NetworkService</code></a> object is provided to a Web page, the
   1.261 -            <a href="#dfn-user-agent"
   1.262 -               class="internalDFN">user agent</a> <em class="rfc2119"
   1.263 -               title="MUST">MUST</em> add its <a href="#dom-networkservice-url"><code>url</code></a> to the <dfn id=
   1.264 -               "dfn-entry-script-origin-s-url-whitelist">entry script origin's <abbr title=
   1.265 -               "Uniform Resource Locator">URL</abbr> whitelist</dfn>. This list enables the Web page to override and
   1.266 -               initiate cross-site resource requests towards these URLs, and any sub-resources of these URLs, within
   1.267 -               the current <a href=
   1.268 -               "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
   1.269 -               class="externalDFN">entry script</a>'s <a href=
   1.270 -               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
   1.271 -               class="externalDFN">origin</a> via various existing mechanisms (e.g. Web Sockets, Server-Sent Events,
   1.272 -               Web Messaging, XMLHttpRequest).
   1.273 -          </p>
   1.274 -          <p>
   1.275 -            If the user navigates away from the <a href=
   1.276 -            "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
   1.277 -               class="externalDFN">entry script</a>'s <a href=
   1.278 -               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
   1.279 -               class="externalDFN">origin</a> or permission to access a given networked service is revoked at any time
   1.280 -               by the platform or user then the <a href="#dfn-user-agent"
   1.281 -               class="internalDFN">user agent</a> <em class="ct"><em class="rfc2119"
   1.282 -                title="MUST">MUST</em></em> remove its previously whitelisted urls from the <a href=
   1.283 -                "#dfn-entry-script-origin-s-url-whitelist"
   1.284 -               class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
   1.285 -               whitelist</a>.
   1.286 -          </p>
   1.287 -          <p>
   1.288              There is no implied persistence to networked service sharing provided to a web page. It <em class="rfc2119"
   1.289                 title="MUST NOT">MUST NOT</em> be possible to access a previously white-listed networked service without
   1.290                 user authorization in all of the following cases:
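Review bot: with the entry script origin's URL whitelist removed, the retained requirement that it "MUST NOT be possible to access a previously white-listed networked service without user authorization" no longer names a mechanism the user agent controls: under the new model the cross-origin decision is made by the service's own CORS response, so a page that has retained the `url` value can keep issuing requests after the user agent revokes permission unless the user agent itself refuses them. Either state that the user agent MUST block requests to the service's URLs once authorization is withdrawn, or reword the sentence to say what "white-listed" now means here, because the only whitelist this patch defines is the network services whitelist, a different concept.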
   1.291 @@ -1479,11 +1546,7 @@
   1.292            </dt>
   1.293            <dd>
   1.294              <p>
   1.295 -              The control <abbr title="Uniform Resource Locator">URL</abbr> endpoint (including any required port
   1.296 -              information) of the user-selected control service that has been added to the <a href=
   1.297 -              "#dfn-entry-script-origin-s-url-whitelist"
   1.298 -                 class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr>
   1.299 -                 whitelist</a>.
   1.300 +              The control URL endpoint (including any required port information) of the user-selected control service.
   1.301              </p>
   1.302            </dd>
   1.303            <dt>
   1.304 @@ -1513,12 +1576,10 @@
   1.305          <p>
   1.306            The <dfn id="dom-networkservice-url"><code>url</code></dfn> attribute is an <a href=
   1.307            "http://url.spec.whatwg.org/#concept-absolute-url"
   1.308 -             class="externalDFN">absolute <abbr title="Uniform Resource Locator">URL</abbr></a> pointing to the root
   1.309 -             <abbr title="Hypertext Transfer Protocol">HTTP</abbr> endpoint for the service that has been added to the
   1.310 -             <a href="#dfn-entry-script-origin-s-url-whitelist"
   1.311 -             class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr> whitelist</a>.
   1.312 -             Web pages can subsequently use this value for implicit cross-document messaging via various existing
   1.313 -             mechanisms (e.g. Web Sockets, Server-Sent Events, Web Messaging, XMLHttpRequest).
   1.314 +             class="externalDFN">absolute URL</a> pointing to the root <abbr title=
   1.315 +             "Hypertext Transfer Protocol">HTTP</abbr> endpoint for the service. Web pages can subsequently use this
   1.316 +             value for implicit cross-document messaging via various existing mechanisms (e.g. Web Sockets, Server-Sent
   1.317 +             Events, Web Messaging, XMLHttpRequest).
   1.318          </p>
   1.319          <p>
   1.320            The <dfn id="dom-networkservice-config"><code>config</code></dfn> attribute provides the raw configuration
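Review bot: the `url` attribute text still says web pages can use the value for messaging via Web Sockets, Server-Sent Events, Web Messaging and XMLHttpRequest, but the CORS preflight this patch relies on only governs XMLHttpRequest-style HTTP requests; a WebSocket handshake is not subject to CORS preflight and is accepted or refused by the service on the basis of the Origin header alone. Either restrict the list to mechanisms CORS governs or add a sentence noting that a passed preflight check says nothing about the service's policy for the other listed mechanisms.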
   1.321 @@ -1836,6 +1897,49 @@
   1.322             class="internalDFN">removing an available service</a>, passing in the expired service record's
   1.323             <code>id</code> attribute as the only argument.
   1.324        </p>
   1.325 +      <p>
   1.326 +        The <dfn id="dfn-cors-preflight-check">CORS preflight check</dfn> algorithm determines whether a
   1.327 +        Local-networked Service supports Cross-Origin Resource Sharing [<cite><a class="bibref"
   1.328 +           href="#bib-CORS">CORS</a></cite>] prior to that service being proposed for sharing to users and prior to
   1.329 +           active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and
   1.330 +           consists of running the following steps:
   1.331 +      </p>
   1.332 +      <ol class="rule">
   1.333 +        <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
   1.334 +        "http://www.w3.org/TR/cors/#cross-origin-request-status"
   1.335 +              class="externalDFN">cross-origin request status</a> [<cite><a class="bibref"
   1.336 +             href="#bib-CORS">CORS</a></cite>] after performing a <a href=
   1.337 +             "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
   1.338 +              class="externalDFN">cross-origin request with preflight</a> [<cite><a class="bibref"
   1.339 +             href="#bib-CORS">CORS</a></cite>] towards the <var>control endpoint URL</var> with the <a href=
   1.340 +             "http://www.w3.org/TR/cors/#source-origin"
   1.341 +              class="externalDFN">source origin</a> [<cite><a class="bibref"
   1.342 +             href="#bib-CORS">CORS</a></cite>] set to the public IP address of the current machine, terminating this
   1.343 +             algorithm at Step 2 (when <a href="http://www.w3.org/TR/cors/#cross-origin-request-status"
   1.344 +              class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
   1.345 +              prior error has occurred in the algorithm).
   1.346 +        </li>
   1.347 +        <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
   1.348 +        <code>pass</code>. Otherwise, return <code>fail</code>.
   1.349 +        </li>
   1.350 +      </ol>
   1.351 +      <p>
   1.352 +        User agents <em class="rfc2119"
   1.353 +           title="SHOULD">SHOULD</em> re-run the <a href="#dfn-cors-preflight-check"
   1.354 +           class="internalDFN">CORS preflight check</a> algorithm against service endpoint URLs when their <a href=
   1.355 +           "http://www.w3.org/TR/cors/#cache-max-age"
   1.356 +           class="externalDFN">max-age</a> [<cite><a class="bibref"
   1.357 +           href="#bib-CORS">CORS</a></cite>] entry in the <a href="http://www.w3.org/TR/cors/#preflight-result-cache"
   1.358 +           class="externalDFN">preflight result cache</a> [<cite><a class="bibref"
   1.359 +           href="#bib-CORS">CORS</a></cite>] exceeds the current time. If this subsequent execution of the <a href=
   1.360 +           "#dfn-cors-preflight-check"
   1.361 +           class="internalDFN">CORS preflight check</a> algorithm returns <code>fail</code> then the <a href=
   1.362 +           "#dfn-user-agent"
   1.363 +           class="internalDFN">user agent</a> <em class="rfc2119"
   1.364 +           title="MUST">MUST</em> run the general rule for <a href="#dfn-removing-an-available-service"
   1.365 +           class="internalDFN">removing an available service</a> passing in the associated <var>network service
   1.366 +           record</var>'s <code>id</code> attribute as the only argument.
   1.367 +      </p>
   1.368        <section id="zeroconf-mdns-dns-sd">
   1.369          <h3 aria-level="2"
   1.370              role="heading"
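Review bot: step 1 sets the source origin to "the public IP address of the current machine", but a CORS origin is a scheme/host/port tuple rather than an address, and more importantly it is not the origin of any web page that will later call the service; a `pass` therefore only shows that the service answers a preflight for that synthetic origin (in practice, that it returns a wildcard `Access-Control-Allow-Origin`), not that it will accept the requesting page's origin. State which origin, method and request headers the preflight uses, or define the check as requiring a wildcard allow-origin so the result is meaningful for every page. The phrase "terminating this algorithm at Step 2" refers to step numbering inside the CORS specification, not this algorithm's own steps; name the CORS step explicitly. The re-run paragraph should also say whether services admitted via the network services whitelist are exempt from re-checks, since the definition above simulates CORS for them.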
   1.371 @@ -1879,9 +1983,9 @@
   1.372                Instance Name's <var>Service</var> component [<cite><a class="bibref"
   1.373                     href="#bib-MDNS">MDNS</a></cite>].
   1.374                </li>
   1.375 -              <li>Set <var>network service record</var>'s <code>url</code> property to the resolvable Service
   1.376 -              <abbr title="Uniform Resource Locator">URL</abbr> obtained from performing an <abbr title=
   1.377 -              "Domain Name System">DNS</abbr>-<abbr title="Service Discovery">SD</abbr> Lookup [<cite><a class="bibref"
   1.378 +              <li>Set <var>network service record</var>'s <code>url</code> property to the resolvable Service URL
   1.379 +              obtained from performing an <abbr title="Domain Name System">DNS</abbr>-<abbr title=
   1.380 +              "Service Discovery">SD</abbr> Lookup [<cite><a class="bibref"
   1.381                     href="#bib-DNS-SD">DNS-SD</a></cite>] of the current service from the <abbr title=
   1.382                     "DNS Pointer Record">PTR</abbr> record provided [<cite><a class="bibref"
   1.383                     href="#bib-MDNS">MDNS</a></cite>].
   1.384 @@ -1895,9 +1999,16 @@
   1.385                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   1.386                current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
   1.387                </li>
   1.388 -              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
   1.389 +              <li>If the result of running the <a href="#dfn-cors-preflight-check"
   1.390 +                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
   1.391 +                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
   1.392 +                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
   1.393 +                    "#dfn-network-services-whitelist"
   1.394 +                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
   1.395 +                    "#dfn-adding-an-available-service"
   1.396                      class="internalDFN">adding an available service</a>, passing in the current <var>network service
   1.397 -                    record</var> as the only argument.
   1.398 +                    record</var> as the only argument. Otherwise, discard the current <var>network service
   1.399 +                    record</var>.
   1.400                </li>
   1.401              </ol>
   1.402            </li>
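Review bot: the new condition is hard to parse because the argument clause ("passing in the current network service record's url property as the only argument") is separated from the algorithm it applies to by the result clause; reorder as "If running the CORS preflight check algorithm with the current network service record's url property as the only argument returns pass, or the record's type property is present in the network services whitelist, then run the general rule for adding an available service". Note also that this step issues a preflight request to every service discovered by mDNS before any user interaction, including services the user will never be asked about; consider caching the result per url for the record's 120-second lifetime so repeated PTR announcements do not cause repeated requests to the same device.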
   1.403 @@ -1997,11 +2108,10 @@
   1.404            <li>The user agent <em class="rfc2119"
   1.405                  title="MUST">MUST</em> run the rule for <a href="#dfn-obtaining-a-upnp-device-description-file"
   1.406                  class="internalDFN">obtaining a UPnP Device Description File</a> passing in the first occurrence of
   1.407 -                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor <abbr title=
   1.408 -                "Uniform Resource Locator">URL</abbr></var> argument and the first occurrence of <var>USN</var> from
   1.409 -                <var>ssdp device</var> as the <var>device identifier</var> argument and the first occurrence of
   1.410 -                <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the leading string of
   1.411 -                <code>max-age=</code>) as the <var>device expiry</var> argument.
   1.412 +                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor URL</var> argument and
   1.413 +                the first occurrence of <var>USN</var> from <var>ssdp device</var> as the <var>device identifier</var>
   1.414 +                argument and the first occurrence of <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the
   1.415 +                leading string of <code>max-age=</code>) as the <var>device expiry</var> argument.
   1.416            </li>
   1.417          </ol>
   1.418          <p>
   1.419 @@ -2042,11 +2152,10 @@
   1.420            <em class="rfc2119"
   1.421                  title="MUST">MUST</em> run the rule for <a href="#dfn-obtaining-a-upnp-device-description-file"
   1.422                  class="internalDFN">obtaining a UPnP Device Description File</a> passing in the first occurrence of
   1.423 -                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor <abbr title=
   1.424 -                "Uniform Resource Locator">URL</abbr></var> argument and the first occurrence of <var>USN</var> from
   1.425 -                <var>ssdp device</var> as the <var>device identifier</var> argument and the first occurrence of
   1.426 -                <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the leading string of
   1.427 -                <code>max-age=</code>) as the <var>device expiry</var>.<br>
   1.428 +                <var>LOCATION</var> from <var>ssdp device</var> as the <var>device descriptor URL</var> argument and
   1.429 +                the first occurrence of <var>USN</var> from <var>ssdp device</var> as the <var>device identifier</var>
   1.430 +                argument and the first occurrence of <var>CACHE-CONTROL</var> from <var>ssdp device</var> (minus the
   1.431 +                leading string of <code>max-age=</code>) as the <var>device expiry</var>.<br>
   1.432              <br>
   1.433              Otherwise, if <var>ssdp device</var>'s <var>NTS</var> entry is equal to <code>ssdp:byebye</code> then the
   1.434              user agent <em class="rfc2119"
   1.435 @@ -2060,23 +2169,20 @@
   1.436            The rule for <dfn id="dfn-obtaining-a-upnp-device-description-file">obtaining a UPnP Device Description
   1.437            File</dfn> is the process of obtaining the contents of a standard UPnP Device Description [<cite><a class=
   1.438            "bibref"
   1.439 -             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a <abbr title=
   1.440 -             "Uniform Resource Locator">URL</abbr>-based resource. This rule takes three arguments - <var>device
   1.441 -             descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>, <var>device identifier</var> and
   1.442 -             <var>device expiry</var> - and when called the user agent <em class="rfc2119"
   1.443 +             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a URL-based resource. This rule takes
   1.444 +             three arguments - <var>device descriptor URL</var>, <var>device identifier</var> and <var>device
   1.445 +             expiry</var> - and when called the user agent <em class="rfc2119"
   1.446               title="MUST">MUST</em> run the following steps:
   1.447          </p>
   1.448          <ol class="rule">
   1.449 -          <li>Let <var>device descriptor file</var> contain the contents of the file located at the <abbr title=
   1.450 -          "Uniform Resource Locator">URL</abbr> provided in <var>device descriptor <abbr title=
   1.451 -          "Uniform Resource Locator">URL</abbr></var> obtained according to the rules defined in 'Section 2.11:
   1.452 -          Retrieving a description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class=
   1.453 -          "bibref"
   1.454 +          <li>Let <var>device descriptor file</var> contain the contents of the file located at the URL provided in
   1.455 +          <var>device descriptor URL</var> obtained according to the rules defined in 'Section 2.11: Retrieving a
   1.456 +          description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class="bibref"
   1.457                 href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>].
   1.458            </li>
   1.459 -          <li>If the value provided in <var>device descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>
   1.460 -          cannot be resolved as a reachable <abbr title="Uniform Resource Locator">URL</abbr> on the current network or
   1.461 -          the <var>device descriptor file</var> remains empty then it is invalid and the <a href="#dfn-user-agent"
   1.462 +          <li>If the value provided in <var>device descriptor URL</var> cannot be resolved as a reachable URL on the
   1.463 +          current network or the <var>device descriptor file</var> remains empty then it is invalid and the <a href=
   1.464 +          "#dfn-user-agent"
   1.465                  class="internalDFN">user agent</a> <em class="rfc2119"
   1.466                  title="MUST">MUST</em> abort any remaining steps and return.
   1.467            </li>
   1.468 @@ -2142,9 +2248,16 @@
   1.469                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   1.470                current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
   1.471                </li>
   1.472 -              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
   1.473 +              <li>If the result of running the <a href="#dfn-cors-preflight-check"
   1.474 +                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
   1.475 +                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
   1.476 +                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
   1.477 +                    "#dfn-network-services-whitelist"
   1.478 +                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
   1.479 +                    "#dfn-adding-an-available-service"
   1.480                      class="internalDFN">adding an available service</a>, passing in the current <var>network service
   1.481 -                    record</var> as the only argument.
   1.482 +                    record</var> as the only argument. Otherwise, discard the current <var>network service
   1.483 +                    record</var>.
   1.484                </li>
   1.485              </ol>
   1.486            </li>
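Review bot: the CORS preflight check in the new `<li>` is run against the record's `url` property only, while the UPnP events subscription later in this patch sends the HTTP SUBSCRIBE request to the record's `eventsUrl` property and receives NOTIFY callbacks at a user-agent generated callback URL; the preflight result therefore says nothing about the events endpoint, so either state that `eventsUrl` is covered by the same opt-in or run the check against it as well before setting up the subscription.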
   1.487 @@ -2195,16 +2308,15 @@
   1.488                  class="internalDFN">user agent</a> <em class="rfc2119"
   1.489                  title="MUST">MUST</em> abort these steps.
   1.490            </li>
   1.491 -          <li>Let <var>callback <abbr title="Uniform Resource Locator">URL</abbr></var> be the value of creating a new
   1.492 -          <a href="#dfn-user-agent-generated-callback-url"
   1.493 +          <li>Let <var>callback URL</var> be the value of creating a new <a href=
   1.494 +          "#dfn-user-agent-generated-callback-url"
   1.495                  class="internalDFN">user-agent generated callback url</a>.
   1.496            </li>
   1.497            <li>Send a <abbr title="Hypertext Transfer Protocol">HTTP</abbr> SUBSCRIBE request with a <em>NT</em> header
   1.498            with a string value of <code>upnp:event</code>, a <em>TIMEOUT</em> header with a user-agent defined timeout
   1.499            value (in the form <code>Second-XX</code> where <code>XX</code> is the user-agent defined timeout value in
   1.500 -          seconds) and a <em>CALLBACK</em> header with a string value of <var>callback <abbr title=
   1.501 -          "Uniform Resource Locator">URL</abbr></var> towards the <var>network service record</var>'s
   1.502 -          <code>eventsUrl</code> property.
   1.503 +          seconds) and a <em>CALLBACK</em> header with a string value of <var>callback URL</var> towards the
   1.504 +          <var>network service record</var>'s <code>eventsUrl</code> property.
   1.505            </li>
   1.506            <li>If a non-200 OK response is received from the <abbr title="Hypertext Transfer Protocol">HTTP</abbr>
   1.507            SUBSCRIBE request then the <a href="#dfn-user-agent"
   1.508 @@ -2252,8 +2364,7 @@
   1.509                </li>
   1.510                <li>
   1.511                  <em>Listen</em>: For each <abbr title="Hypertext Transfer Protocol">HTTP</abbr> NOTIFY request received
   1.512 -                at the <var>callback <abbr title="Uniform Resource Locator">URL</abbr></var> the <a href=
   1.513 -                "#dfn-user-agent"
   1.514 +                at the <var>callback URL</var> the <a href="#dfn-user-agent"
   1.515                      class="internalDFN">user agent</a> is to run the following steps:
   1.516                  <ol class="rule">
   1.517                    <li>Let <var>content clone</var> be the result of obtaining the message body of the <abbr title=
   1.518 @@ -2384,41 +2495,35 @@
   1.519            <li>The user agent <em class="rfc2119"
   1.520                  title="MUST">MUST</em> run the rule for <a href="#dfn-obtaining-a-upnp-device-description-file"
   1.521                  class="internalDFN">obtaining a UPnP Device Description File</a> passing in the first occurrence of
   1.522 -                <var>LOCATION</var> from <var>dial device</var> as the <var>device descriptor <abbr title=
   1.523 -                "Uniform Resource Locator">URL</abbr></var> argument and the first occurrence of <var>USN</var> from
   1.524 -                <var>dial device</var> as the <var>device identifier</var> argument and the first occurrence of
   1.525 -                <var>CACHE-CONTROL</var> from <var>dial device</var> (minus the leading string of
   1.526 -                <code>max-age=</code>) as the <var>device expiry</var> argument.
   1.527 +                <var>LOCATION</var> from <var>dial device</var> as the <var>device descriptor URL</var> argument and
   1.528 +                the first occurrence of <var>USN</var> from <var>dial device</var> as the <var>device identifier</var>
   1.529 +                argument and the first occurrence of <var>CACHE-CONTROL</var> from <var>dial device</var> (minus the
   1.530 +                leading string of <code>max-age=</code>) as the <var>device expiry</var> argument.
   1.531            </li>
   1.532          </ol>
   1.533          <p>
   1.534            The rule for <dfn id="dfn-obtaining-a-dial-device-description-file">obtaining a <abbr title=
   1.535            "Discovery and Launch Protocol">DIAL</abbr> Device Description File</dfn> is the process of obtaining the
   1.536            contents of a standard UPnP Device Description [<cite><a class="bibref"
   1.537 -             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a <abbr title=
   1.538 -             "Uniform Resource Locator">URL</abbr>-based resource. This rule takes three arguments - <var>device
   1.539 -             descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>, <var>device identifier</var> and
   1.540 -             <var>device expiry</var> - and when called the user agent <em class="rfc2119"
   1.541 +             href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>] from a URL-based resource. This rule takes
   1.542 +             three arguments - <var>device descriptor URL</var>, <var>device identifier</var> and <var>device
   1.543 +             expiry</var> - and when called the user agent <em class="rfc2119"
   1.544               title="MUST">MUST</em> run the following steps:
   1.545          </p>
   1.546          <ol class="rule">
   1.547 -          <li>Let <var>device descriptor file</var> contain the contents of the file located at the <abbr title=
   1.548 -          "Uniform Resource Locator">URL</abbr> provided in <var>device descriptor <abbr title=
   1.549 -          "Uniform Resource Locator">URL</abbr></var> obtained according to the rules defined in 'Section 2.11:
   1.550 -          Retrieving a description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class=
   1.551 -          "bibref"
   1.552 +          <li>Let <var>device descriptor file</var> contain the contents of the file located at the URL provided in
   1.553 +          <var>device descriptor URL</var> obtained according to the rules defined in 'Section 2.11: Retrieving a
   1.554 +          description using <abbr title="Hypertext Transfer Protocol">HTTP</abbr>' in [<cite><a class="bibref"
   1.555                 href="#bib-UPNP-DEVICEARCH11">UPNP-DEVICEARCH11</a></cite>].
   1.556            </li>
   1.557 -          <li>Let <var>application url</var> be the value of the first occurrence of the
   1.558 -            <code>Application-<abbr title="Uniform Resource Locator">URL</abbr></code> response header field obtained
   1.559 -            according to the rules defined in 'Section 5.4: Device Description Response' in [<a href=
   1.560 -            "https://sites.google.com/a/dial-multiscreen.org/dial/dial-protocol-specification"><abbr title=
   1.561 -            "Discovery and Launch Protocol">DIAL</abbr></a>]
   1.562 +          <li>Let <var>application url</var> be the value of the first occurrence of the <code>Application-URL</code>
   1.563 +          response header field obtained according to the rules defined in 'Section 5.4: Device Description Response'
   1.564 +          in [<a href="https://sites.google.com/a/dial-multiscreen.org/dial/dial-protocol-specification"><abbr title=
   1.565 +          "Discovery and Launch Protocol">DIAL</abbr></a>]
   1.566            </li>
   1.567 -          <li>If the value provided in <var>device descriptor <abbr title="Uniform Resource Locator">URL</abbr></var>
   1.568 -          cannot be resolved as a reachable <abbr title="Uniform Resource Locator">URL</abbr> on the current network or
   1.569 -          the <var>device descriptor file</var> remains empty or <var>application url</var> is undefined then it is
   1.570 -          invalid and the <a href="#dfn-user-agent"
   1.571 +          <li>If the value provided in <var>device descriptor URL</var> cannot be resolved as a reachable URL on the
   1.572 +          current network or the <var>device descriptor file</var> remains empty or <var>application url</var> is
   1.573 +          undefined then it is invalid and the <a href="#dfn-user-agent"
   1.574                  class="internalDFN">user agent</a> <em class="rfc2119"
   1.575                  title="MUST">MUST</em> abort any remaining steps and return.
   1.576            </li>
   1.577 @@ -2447,9 +2552,16 @@
   1.578                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   1.579                current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
   1.580                </li>
   1.581 -              <li>Run the general rule for <a href="#dfn-adding-an-available-service"
   1.582 +              <li>If the result of running the <a href="#dfn-cors-preflight-check"
   1.583 +                    class="internalDFN">CORS preflight check</a> algorithm is <code>pass</code>, passing in the current
   1.584 +                    <var>network service record</var>'s <code>url</code> property as the only argument, or the current
   1.585 +                    <var>network service record</var>'s <code>type</code> property is present in the <a href=
   1.586 +                    "#dfn-network-services-whitelist"
   1.587 +                    class="internalDFN">network services whitelist</a> then run the general rule for <a href=
   1.588 +                    "#dfn-adding-an-available-service"
   1.589                      class="internalDFN">adding an available service</a>, passing in the current <var>network service
   1.590 -                    record</var> as the only argument.
   1.591 +                    record</var> as the only argument. Otherwise, discard the current <var>network service
   1.592 +                    record</var>.
   1.593                </li>
   1.594              </ol>
   1.595            </li>
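Review bot: this `<li>` is the third verbatim copy of the preflight-or-whitelist condition in this patch (the mDNS and UPnP steps above carry the same `<a href="#dfn-cors-preflight-check">` and `<a href="#dfn-network-services-whitelist">` text); since all three already call the general rule for adding an available service with the record as the only argument, moving the condition into that general rule would keep the discovery mechanisms from drifting apart when the check is revised.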
   1.596 @@ -2621,10 +2733,7 @@
   1.597             class="externalDFN"><code>Document</code></a> object goes away), the <a href="#dfn-user-agent"
   1.598             class="internalDFN">user agent</a> <em class="rfc2119"
   1.599             title="MUST">MUST</em> remove this object from the <a href="#dfn-list-of-active-service-managers"
   1.600 -           class="internalDFN">list of active service managers</a> and remove the <a href=
   1.601 -           "#dom-networkservice-url"><code>url</code></a> of each of its <a href="#dfn-indexed-properties-1"
   1.602 -           class="internalDFN">indexed properties</a> from the <a href="#dfn-entry-script-origin-s-url-whitelist"
   1.603 -           class="internalDFN">entry script origin's <abbr title="Uniform Resource Locator">URL</abbr> whitelist</a>.
   1.604 +           class="internalDFN">list of active service managers</a>.
   1.605        </p>
   1.606      </section>
   1.607      <section id="use-cases-and-requirements">
   1.608 @@ -2801,11 +2910,9 @@
   1.609  "str">"POST"</span><span class="pun">,</span><span class="pln"> services</span><span class="pun">[</span><span class=
   1.610  "lit">0</span><span class="pun">].</span><span class="pln">url </span><span class="pun">+</span><span class=
   1.611  "pln"> </span><span class="str">"/getAlbums"</span><span class="pun">);</span><span class="pln"> </span><span class=
   1.612 -"com">// services[0].url and its sub-resources have been</span><span class="pln">
   1.613 +"com">// services[0].url and its sub-resources are</span><span class="pln">
   1.614                                                          </span><span class=
   1.615 -"com">// whitelisted for cross-site XHR use in this</span><span class="pln">
   1.616 -                                                        </span><span class=
   1.617 -"com">// current browsing context.</span><span class="pln">
   1.618 +"com">// available for cross-site XHR use.</span><span class="pln">
   1.619  
   1.620     svcXhr</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class=
   1.621  "pun">(</span><span class="str">'Content-Type'</span><span class="pun">,</span><span class="pln"> </span><span class=
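Review bot: the new comment "services[0].url and its sub-resources are available for cross-site XHR use" overstates what the patch guarantees: the CORS preflight check is run once against the control endpoint URL, whereas CORS is evaluated per resource and per request, so the POST to `services[0].url + "/getAlbums"` with a custom `Content-Type` header still depends on that sub-resource answering its own preflight; suggest wording such as "services[0].url has opted in to cross-site use; each request remains subject to CORS".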
   1.622 @@ -3067,12 +3174,9 @@
   1.623      svcXhr</span><span class="pun">.</span><span class="pln">open</span><span class="pun">(</span><span class=
   1.624  "str">"POST"</span><span class="pun">,</span><span class="pln"> services</span><span class="pun">[</span><span class=
   1.625  "lit">0</span><span class="pun">].</span><span class="pln">url</span><span class="pun">);</span><span class=
   1.626 -"pln"> </span><span class="com">// services[0].url and its</span><span class="pln">
   1.627 +"pln"> </span><span class="com">// services[0].url and its sub-resources are</span><span class="pln">
   1.628                                            </span><span class=
   1.629 -"com">// sub-resources have been whitelisted for</span><span class="pln">
   1.630 -                                          </span><span class=
   1.631 -"com">// cross-site XHR use in this current</span><span class="pln">
   1.632 -                                          </span><span class="com">// browsing context.</span><span class="pln">
   1.633 +"com">// available for cross-site XHR use.</span><span class="pln">
   1.634  
   1.635      svcXhr</span><span class="pun">.</span><span class="pln">setRequestHeader</span><span class=
   1.636  "pun">(</span><span class="str">'SOAPAction'</span><span class="pun">,</span><span class="pln"> </span><span class=
   1.637 @@ -3197,6 +3301,14 @@
   1.638          </h3>
   1.639          <dl class="bibliography"
   1.640              about="">
   1.641 +          <dt id="bib-CORS">
   1.642 +            [CORS]
   1.643 +          </dt>
   1.644 +          <dd rel="dcterms:requires">
   1.645 +            Anne van Kesteren. <a href="http://www.w3.org/TR/cors/"><cite>Cross-Origin Resource Sharing</cite></a>. 29
   1.646 +            January 2013. W3C Candidate Recommendation. URL: <a href=
   1.647 +            "http://www.w3.org/TR/cors/">http://www.w3.org/TR/cors/</a>
   1.648 +          </dd>
   1.649            <dt id="bib-DNS-SD">
   1.650              [DNS-SD]
   1.651            </dt>
     2.1 --- a/discovery-api/Overview.src.html	Sat Sep 28 11:13:44 2013 -0400
     2.2 +++ b/discovery-api/Overview.src.html	Mon Oct 07 14:07:57 2013 +1100
     2.3 @@ -143,7 +143,10 @@
     2.4        <p>
     2.5          The user agent, having captured all advertised services on the network from the <a>service discovery
     2.6          mechanisms</a> included in this recommendation, attempts to match the requested service type to a discovered
     2.7 -        service according to the processing described herein.
     2.8 +        service according to the processing described herein. Only Local-networked Services that pass a <a>CORS
     2.9 +        preflight check</a> should be made available to web pages by a user agent. A user agent may provide a way for
    2.10 +        users to white-list non-CORS enabled Local-networked Services but implementation of such a feature is left to
    2.11 +        the discretion of the implementer.
    2.12        </p>
    2.13        <p>
    2.14          If a service connectivity request is successful then the Web page is provided with a promise-based success
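Review bot: "should be made available" in the added sentence is a lower-case should, while the new Security considerations section in this patch states the same requirement as a MUST; since this paragraph is the first statement of the model, align it with the normative text (MUST, with the whitelist as the stated exception), and settle on one spelling of whitelist/white-list across the patch.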
    2.15 @@ -327,6 +330,14 @@
    2.16          managers</a>.
    2.17          </li>
    2.18        </ul>
    2.19 +      <p>
    2.20 +        A <dfn>network services whitelist</dfn> is a list of zero or more <a>valid service type</a> tokens that, when
    2.21 +        matched to a service type discovered in the local network, enables that service to be shared with a web page
    2.22 +        even if that Local-networked Service does not itself allow Cross-Origin Resource Sharing [[!CORS]]. A <a>user
    2.23 +        agent</a> MUST simulate CORS support for all service interaction in this case. Implementation of this feature
    2.24 +        is at implementer's discretion. When a <a>user agent</a> does not implement a <a>network services whitelist</a>
    2.25 +        then it is to treat this as always being an empty list.
    2.26 +      </p>
    2.27      </section>
    2.28      <section>
    2.29        <h2>
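Review bot: the whitelist defined here is keyed by service type token rather than by a specific service, so one entry grants the CORS bypass to every Local-networked Service on the current network that advertises that type; the definition should say so explicitly. "MUST simulate CORS support for all service interaction" also needs a definition of what simulating means (the Security considerations paragraph later in the patch comes closer with "act as if all URLs ... had Cross-Origin Resource Sharing enabled"; reuse that wording here), and "at implementer's discretion" should read "at the implementer's discretion".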
    2.30 @@ -342,6 +353,26 @@
    2.31        </p>
    2.32        <section>
    2.33          <h3>
    2.34 +          Security considerations for API implementations
    2.35 +        </h3>
    2.36 +        <p>
    2.37 +          A <a>user agent</a> MUST allow web pages to connect only with Local-networked Services that have passed a
    2.38 +          <a>CORS preflight check</a> indicating they support Cross-Origin Resource Sharing [[!CORS]] during the
    2.39 +          <a>service discovery mechanisms</a> provided in this specification. In this way, a <a>user agent</a> MUST NOT
    2.40 +          allow web pages to access other arbitrary networked services on the current local network.
    2.41 +        </p>
    2.42 +        <p>
    2.43 +          A <a>user agent</a> MAY provide a way for users to enable access to non-CORS enabled Local-networked Services
    2.44 +          from web pages (i.e. operate a <a>network services whitelist</a>). Implementation of such a <a>network
    2.45 +          services whitelist</a>, if any, is left to an implementer's discretion. Such a whitelist may be configurable
    2.46 +          by each user at runtime or may be managed by the implementation itself on behalf of its users. In the case
    2.47 +          that a <a>user agent</a> provides a <a>network services whitelist</a>, it MUST act as if all URLs for the
    2.48 +          Local-networked Service corresponding to any previously whitelisted service type had Cross-Origin Resource
    2.49 +          Sharing [[!CORS]] enabled indefinitely.
    2.50 +        </p>
    2.51 +      </section>
    2.52 +      <section>
    2.53 +        <h3>
    2.54            Privacy considerations for API implementations
    2.55          </h3>
    2.56          <p>
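Review bot: the first paragraph's "MUST allow web pages to connect only with Local-networked Services that have passed a CORS preflight check" contradicts the second paragraph, which permits connections to non-CORS services through a network services whitelist; qualify the first MUST with the whitelist exception. In the second paragraph, "enabled indefinitely" should also say what ends the simulated CORS grant (removal of the type from the whitelist), so that whitelisted services are not read as exempt from revocation altogether.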
    2.57 @@ -373,7 +404,7 @@
    2.58            Additional API implementation considerations
    2.59          </h3>
    2.60          <p>
    2.61 -          Further to the requirements listed in the previous section, implementors of the Network Service Discovery API
    2.62 +          Further to the requirements listed in the previous section, implementers of the Network Service Discovery API
    2.63            are also advised to consider the following aspects that can negatively affect the privacy of their users: in
    2.64            certain cases, users can inadvertently grant permission to the user agent to disclose networked services to
    2.65            Web sites. In other cases, the content hosted at a certain URL changes in such a way that previously granted
    2.66 @@ -558,17 +589,8 @@
    2.67              or more <a href="#networkservice"><code>NetworkService</code></a> objects for which the user granted
    2.68              permission above - known as the current objects <dfn>user-authorized</dfn> services.
    2.69              </li>
    2.70 -            <li>Remove all previously whitelisted urls from the <a>entry script origin's URL whitelist</a> granted in
    2.71 -            the current <a href="http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
    2.72 -                  class="externalDFN">entry script</a>'s <a href=
    2.73 -                  "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
    2.74 -                  class="externalDFN">origin</a>.
    2.75 -            </li>
    2.76              <li>For each Object <var>service</var> in <var>services</var>, if any, run the following sub-steps:
    2.77                <ol class="rule">
    2.78 -                <li>Add the <var>service</var>'s <code>url</code> parameter to the <a>entry script origin's
    2.79 -                  <abbr title="Uniform Resource Locator">URL</abbr> whitelist</a>.
    2.80 -                </li>
    2.81                  <li>If <var>service</var>'s <code>type</code> parameter begins with the DOMString "<code>upnp:</code>"
    2.82                  and the <var>service</var>'s <code>eventsUrl</code> parameter is not empty then <a>setup a UPnP Events
    2.83                  Subscription</a> for <var>service</var>.
    2.84 @@ -609,26 +631,6 @@
    2.85                 class="externalDFN">user interaction task source</a>.
    2.86            </p>
    2.87            <p>
    2.88 -            When a <a href="#networkservice"><code>NetworkService</code></a> object is provided to a Web page, the
    2.89 -            <a>user agent</a> MUST add its <a href="#dom-networkservice-url"><code>url</code></a> to the <dfn>entry
    2.90 -            script origin's URL whitelist</dfn>. This list enables the Web page to override and initiate cross-site
    2.91 -            resource requests towards these URLs, and any sub-resources of these URLs, within the current <a href=
    2.92 -            "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
    2.93 -               class="externalDFN">entry script</a>'s <a href=
    2.94 -               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
    2.95 -               class="externalDFN">origin</a> via various existing mechanisms (e.g. Web Sockets, Server-Sent Events,
    2.96 -               Web Messaging, XMLHttpRequest).
    2.97 -          </p>
    2.98 -          <p>
    2.99 -            If the user navigates away from the <a href=
   2.100 -            "http://www.whatwg.org/specs/web-apps/current-work/complete/browsers.html#entry-script"
   2.101 -               class="externalDFN">entry script</a>'s <a href=
   2.102 -               "http://www.whatwg.org/specs/web-apps/current-work/complete/origin-0.html#origin"
   2.103 -               class="externalDFN">origin</a> or permission to access a given networked service is revoked at any time
   2.104 -               by the platform or user then the <a>user agent</a> <em class="ct">MUST</em> remove its previously
   2.105 -               whitelisted urls from the <a>entry script origin's URL whitelist</a>.
   2.106 -          </p>
   2.107 -          <p>
   2.108              There is no implied persistence to networked service sharing provided to a web page. It MUST NOT be
   2.109              possible to access a previously white-listed networked service without user authorization in all of the
   2.110              following cases:
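Review bot: with the two paragraphs on the entry script origin's URL whitelist removed, the retained "There is no implied persistence" paragraph that follows still says "a previously white-listed networked service", which now refers to a concept this patch deletes; reword it to refer to a previously user-authorized service. The removed second paragraph was also the only text stating what happens when permission is revoked or the user navigates away from the origin; under the CORS model the equivalent statement (that a service's CORS opt-in does not replace user authorization and that revocation ends the page's access) should be carried over rather than dropped.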
   2.111 @@ -942,8 +944,7 @@
   2.112            </dt>
   2.113            <dd>
   2.114              <p>
   2.115 -              The control URL endpoint (including any required port information) of the user-selected control service
   2.116 -              that has been added to the <a>entry script origin's URL whitelist</a>.
   2.117 +              The control URL endpoint (including any required port information) of the user-selected control service.
   2.118              </p>
   2.119            </dd>
   2.120            <dt>
   2.121 @@ -972,10 +973,9 @@
   2.122          <p>
   2.123            The <dfn id="dom-networkservice-url"><code>url</code></dfn> attribute is an <a href=
   2.124            "http://url.spec.whatwg.org/#concept-absolute-url"
   2.125 -             class="externalDFN">absolute URL</a> pointing to the root HTTP endpoint for the service that has been
   2.126 -             added to the <a>entry script origin's URL whitelist</a>. Web pages can subsequently use this value for
   2.127 -             implicit cross-document messaging via various existing mechanisms (e.g. Web Sockets, Server-Sent Events,
   2.128 -             Web Messaging, XMLHttpRequest).
   2.129 +             class="externalDFN">absolute URL</a> pointing to the root HTTP endpoint for the service. Web pages can
   2.130 +             subsequently use this value for implicit cross-document messaging via various existing mechanisms (e.g.
   2.131 +             Web Sockets, Server-Sent Events, Web Messaging, XMLHttpRequest).
   2.132          </p>
   2.133          <p>
   2.134            The <dfn id="dom-networkservice-config"><code>config</code></dfn> attribute provides the raw configuration
   2.135 @@ -1248,6 +1248,39 @@
   2.136          <a>user agent</a> SHOULD run the rule for <a>removing an available service</a>, passing in the expired service
   2.137          record's <code>id</code> attribute as the only argument.
   2.138        </p>
   2.139 +      <p>
   2.140 +        The <dfn>CORS preflight check</dfn> algorithm determines whether a Local-networked Service supports
   2.141 +        Cross-Origin Resource Sharing [[!CORS]] prior to that service being proposed for sharing to users and prior to
   2.142 +        active sharing with web pages. This algorithm takes one argument, <var>control endpoint URL</var>, and consists
   2.143 +        of running the following steps:
   2.144 +      </p>
   2.145 +      <ol class="rule">
   2.146 +        <li>Let <var>cross-origin request status</var> be set to the resulting value of <a href=
   2.147 +        "http://www.w3.org/TR/cors/#cross-origin-request-status"
   2.148 +              class="externalDFN">cross-origin request status</a> [[!CORS]] after performing a <a href=
   2.149 +              "http://www.w3.org/TR/cors/#cross-origin-request-with-preflight"
   2.150 +              class="externalDFN">cross-origin request with preflight</a> [[!CORS]] towards the <var>control endpoint
   2.151 +              URL</var> with the <a href="http://www.w3.org/TR/cors/#source-origin"
   2.152 +              class="externalDFN">source origin</a> [[!CORS]] set to the public IP address of the current machine,
   2.153 +              terminating this algorithm at Step 2 (when <a href=
   2.154 +              "http://www.w3.org/TR/cors/#cross-origin-request-status"
   2.155 +              class="externalDFN">cross-origin request status</a> has been set to <var>preflight complete</var> or a
   2.156 +              prior error has occurred in the algorithm).
   2.157 +        </li>
   2.158 +        <li>If <var>cross-origin request status</var> is set to <var>preflight complete</var> then return
   2.159 +        <code>pass</code>. Otherwise, return <code>fail</code>.
   2.160 +        </li>
   2.161 +      </ol>
   2.162 +      <p>
   2.163 +        User agents SHOULD re-run the <a>CORS preflight check</a> algorithm against service endpoint URLs when their
   2.164 +        <a href="http://www.w3.org/TR/cors/#cache-max-age"
   2.165 +           class="externalDFN">max-age</a> [[!CORS]] entry in the <a href=
   2.166 +           "http://www.w3.org/TR/cors/#preflight-result-cache"
   2.167 +           class="externalDFN">preflight result cache</a> [[!CORS]] exceeds the current time. If this subsequent
   2.168 +           execution of the <a>CORS preflight check</a> algorithm returns <code>fail</code> then the <a>user agent</a>
   2.169 +           MUST run the general rule for <a>removing an available service</a> passing in the associated <var>network
   2.170 +           service record</var>'s <code>id</code> attribute as the only argument.
   2.171 +      </p>
   2.172        <section>
   2.173          <h4>
   2.174            Zeroconf (<abbr title="Multicast DNS">mDNS</abbr> + <abbr title="Domain Name System">DNS</abbr>-<abbr title=
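Review bot: Step 1 sets the source origin "to the public IP address of the current machine", but the Origin header carries a serialised scheme/host/port origin, not a bare address, and on a NAT'd LAN the device sees the machine's local address rather than its public one; spell out the exact Origin value to send (the requesting document's origin, or `null`) so implementations agree and so the device's answer is meaningful for the page that will later make the request. The preflight's request method and request headers are also unspecified, so "preflight complete" here does not imply that a later POST carrying a non-simple Content-Type will be allowed. Two smaller points: "terminating this algorithm at Step 2" does not say whose step 2 is meant, and the re-check condition in the final paragraph reads inverted ("when their max-age entry ... exceeds the current time" should be when the current time passes the cache entry's expiry).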
   2.175 @@ -1290,8 +1323,12 @@
   2.176                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   2.177                current date, in UTC timestamp format, plus a value of <code>120</code> seconds.
   2.178                </li>
   2.179 -              <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
   2.180 -              service record</var> as the only argument.
   2.181 +              <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
   2.182 +              the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
   2.183 +              current <var>network service record</var>'s <code>type</code> property is present in the <a>network
   2.184 +              services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
   2.185 +              current <var>network service record</var> as the only argument. Otherwise, discard the current
   2.186 +              <var>network service record</var>.
   2.187                </li>
   2.188              </ol>
   2.189            </li>
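Review bot: Test the network services whitelist before running the CORS preflight check, not after: as worded, the user agent performs an OPTIONS request against every mDNS-discovered service's `url` even when its `type` is whitelisted, so merely enumerating the network now has a probing side effect on every device found. Reordering to "if `type` is in the whitelist, or the CORS preflight check returns `pass`" keeps the same result and avoids the round trip; the text should also say whether this step blocks the record-processing steps while the request is outstanding.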
   2.190 @@ -1456,8 +1493,12 @@
   2.191                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   2.192                current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
   2.193                </li>
   2.194 -              <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
   2.195 -              service record</var> as the only argument.
   2.196 +              <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
   2.197 +              the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
   2.198 +              current <var>network service record</var>'s <code>type</code> property is present in the <a>network
   2.199 +              services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
   2.200 +              current <var>network service record</var> as the only argument. Otherwise, discard the current
   2.201 +              <var>network service record</var>.
   2.202                </li>
   2.203              </ol>
   2.204            </li>
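Review bot: This is a second verbatim copy of the CORS-or-whitelist conditional (the mDNS branch above carries the first, the next hunk a third); hoisting the test into the general rule for adding an available service, which every discovery mechanism already calls, removes the duplication and guarantees a future mechanism cannot bypass the check.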
   2.205 @@ -1679,8 +1720,12 @@
   2.206                <li>Set <var>network service record</var>'s <code>expiryTimestamp</code> property to the value of the
   2.207                current date, in UTC timestamp format, plus the value of <var>device expiry</var>.
   2.208                </li>
   2.209 -              <li>Run the general rule for <a>adding an available service</a>, passing in the current <var>network
   2.210 -              service record</var> as the only argument.
   2.211 +              <li>If the result of running the <a>CORS preflight check</a> algorithm is <code>pass</code>, passing in
   2.212 +              the current <var>network service record</var>'s <code>url</code> property as the only argument, or the
   2.213 +              current <var>network service record</var>'s <code>type</code> property is present in the <a>network
   2.214 +              services whitelist</a> then run the general rule for <a>adding an available service</a>, passing in the
   2.215 +              current <var>network service record</var> as the only argument. Otherwise, discard the current
   2.216 +              <var>network service record</var>.
   2.217                </li>
   2.218              </ol>
   2.219            </li>
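Review bot: "Otherwise, discard the current network service record" treats a transient failure (timeout, device asleep, network error during the OPTIONS exchange) the same as an explicit CORS refusal, since the preflight check returns `fail` for anything other than preflight complete; combined with the removal-on-recheck rule earlier in this change, one lost round trip makes a device disappear until its next announcement. Consider distinguishing a network error from a negative CORS answer, or retrying before the record is discarded.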
   2.220 @@ -1813,9 +1858,7 @@
   2.221          If a <a>user agent</a> is to <dfn>make disappear</dfn> a <a><code>NetworkServices</code></a> object (this
   2.222          happens when a <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#document"
   2.223             class="externalDFN"><code>Document</code></a> object goes away), the <a>user agent</a> MUST remove this
   2.224 -           object from the <a>list of active service managers</a> and remove the <a href=
   2.225 -           "#dom-networkservice-url"><code>url</code></a> of each of its <a>indexed properties</a> from the <a>entry
   2.226 -           script origin's URL whitelist</a>.
   2.227 +           object from the <a>list of active service managers</a>.
   2.228        </p>
   2.229      </section>
   2.230      <section>
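Review bot: Dropping the removal from the entry script origin's URL whitelist here means the per-browsing-context scoping that whitelist provided is gone, and CORS becomes the only gate: any origin, not just the page the user granted access to, can reach a service whose policy answers `Access-Control-Allow-Origin: *`. Confirm that every other reference to the entry script origin's URL whitelist is removed in this change (otherwise the term dangles), and add a security consideration stating that the user's grant no longer bounds which pages may talk to the device.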
   2.231 @@ -1943,9 +1986,8 @@
   2.232  // Send a service message to get albums list (and process the service response)
   2.233  
   2.234     var svcXhr = new XMLHttpRequest();
   2.235 -   svcXhr.open("POST", services[0].url + "/getAlbums"); // services[0].url and its sub-resources have been
   2.236 -                                                        // whitelisted for cross-site XHR use in this
   2.237 -                                                        // current browsing context.
   2.238 +   svcXhr.open("POST", services[0].url + "/getAlbums"); // services[0].url and its sub-resources are
   2.239 +                                                        // available for cross-site XHR use.
   2.240  
   2.241     svcXhr.setRequestHeader('Content-Type', 'application/json-rpc');
   2.242  
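Review bot: The new comment "are available for cross-site XHR use" overstates what the discovery-time check established: that preflight used the machine's IP as source origin, not this page's origin, so a device that allows specific origins may still reject this request, and `application/json-rpc` is a non-simple Content-Type that triggers a fresh preflight of its own. The example should handle a failed request (an `onerror` handler, or checking `status` in the ready-state handler) instead of assuming the POST succeeds.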
   2.243 @@ -2053,10 +2095,8 @@
   2.244   // Send a control signal to mute the service audio
   2.245  
   2.246      var svcXhr = new XMLHttpRequest();
   2.247 -    svcXhr.open("POST", services[0].url); // services[0].url and its
   2.248 -                                          // sub-resources have been whitelisted for
   2.249 -                                          // cross-site XHR use in this current
   2.250 -                                          // browsing context.
   2.251 +    svcXhr.open("POST", services[0].url); // services[0].url and its sub-resources are
   2.252 +                                          // available for cross-site XHR use.
   2.253  
   2.254      svcXhr.setRequestHeader('SOAPAction', 'urn:schemas-upnp-org:service:RenderingControl:1#SetMute');
   2.255      svcXhr.setRequestHeader('Content-Type', 'text/xml; charset="utf-8";');
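Review bot: The `SOAPAction` header and the `text/xml` Content-Type set here make this a non-simple request, so the browser will send its own preflight with `Access-Control-Request-Headers: soapaction, content-type`; the spec's preflight check names no request headers, so a `pass` there does not guarantee the device lists these in `Access-Control-Allow-Headers`. The comment should say that the device must allow these headers, not just that the URL is "available for cross-site XHR use".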