Difference between revisions of "Endpoint"

From MgmtWiki
Jump to: navigation, search
(Problem)
(Problem)
Line 11: Line 11:
 
* Many standards have been focused on setting new endpoints for every service defined by the web site.
 
* Many standards have been focused on setting new endpoints for every service defined by the web site.
 
* Since endpoints are just URLs there ability to access sign in credentials or cookies is determined by policies set by the browser manufacturer or, possibly, by and administrator. These policy are subject to changes that are never explained, or even explainable, to the user.
 
* Since endpoints are just URLs there ability to access sign in credentials or cookies is determined by policies set by the browser manufacturer or, possibly, by and administrator. These policy are subject to changes that are never explained, or even explainable, to the user.
 +
* Since endpoint policy is not under the control of the standards, there is no chance for them to make it really clear when an endpoint will be consider to be a part of the origin and thus not subject to cross-origin policies.
  
 
==Solution==
 
==Solution==

Revision as of 16:19, 2 January 2022

Full Title or Meme

An Endpoint is typically a URL addressing one service of a Web Site.

Context

Endpoints have been defined in may standardized contexts.

Problem

  • It has been recognized for many years that URLs (and hence Endpoints are poor substitutes for Web Site Identifiers[1]. Yet no one has found a such a substitute.
  • Many standards have been focused on setting new endpoints for every service defined by the web site.
  • Since endpoints are just URLs there ability to access sign in credentials or cookies is determined by policies set by the browser manufacturer or, possibly, by and administrator. These policy are subject to changes that are never explained, or even explainable, to the user.
  • Since endpoint policy is not under the control of the standards, there is no chance for them to make it really clear when an endpoint will be consider to be a part of the origin and thus not subject to cross-origin policies.

Solution

A good solution is still being sought; here are some ideas:

References

  1. Jakob Nielsen, URL as UI https://www.nngroup.com/articles/url-as-ui/