The W3C Voice Browser working group has published a new note
on Authorizing Read Access to XML Content Using the <?access-control?> Processing Instruction 1.0. IN breif this proposes using a processing instrcution like
<?access-control allow="*.poly.edu *.elharo.com"?>
to specify who gets to see a particular document. According to the introduction,
A plethora of applications and data are exposed as XML over HTTP. User agents such as Voice and Web browsers fetch and execute applications but restrict the XML content accessible to those applications merely to the URLs located in the same domain as the application. To take advantage of the rich XML content available on the Web, application developers must resort to proxying the content through the domain hosting their application thereby increasing overhead and limiting scalability.
This note describes a mechanism being used in the industry that allows a content provider to use a processing instruction embedded within the XML content to specify the access policy of that content. In this model a user agent can safely extend the sandbox in which it has restricted the application to include access to the XML content if and only if the specified policy grants permission.
Although this comes out of the Voice group, it's more generally applicable and should probably be taken up by the XML Core group, though I doubt it will be. Processing instructions are decidely out of fashion at the W3C these days.
Persoanlly, I'm not sure whether or not this is a good idea; but I'm always happy to see a new example of processing instructions since that means I can stop using the same tired old <php>
and <xml-stylesheet
examples in my books and talks. :-)