IE8 will ship the updated section of Access Control that enables public data aggregation (no creds on wildcard) while setting us up on a trajectory to support more in the future (post IE8) using the API flag in an XDR level 2.
That’s contingent on getting some understanding that “this area of the spec (public data) will not change significantly unless there are new security concerns.”
That means we are now one (big) step closer to ultimately having cross-browser support for Web developers who want to write Web applications for that “public data” use-case of the Access-Control mechanism.
Sunava’s announcement is one of several positive outcomes from a three-day face-to-face meeting that the Web Applications Working Group had at the Microsoft offices last week.
So, much thanks to Sunava and to others on the Internet Explorer team for the work they’ve been doing to help bring us closer to getting this collaboratively developed open standard for client-side cross-site requests out to the widest number of Web developers and end users possible.