Access Control for Cross-site Requests USE CASES

FOO in the scenarios below is a fictional person who lives in Havana and
likes playing with Web technology that isn't implemented anywhere.

* FOO owns test.example.org and test2.example.org. FOO uses XSLT extensively
on both domains and because FOO doesn't want to use a pre-processing script
to duplicate XSLT files he puts them all on test.example.org and includes a
<?access-control allow="test2.example.org"?> at the top of them.

* FOO has implemented the fictional OPEN DATA REST API on test.example.org
to store data so that services that help him keep track of bookmarks,
friends, et cetera can store the info on FOO's domain instead of their own.
This allows FOO to switch to any other service provider taking his data
easily with him. Using Access Control he enables 2del.icio.us.invalid and
flickr2.invalid to access his data so they can store and manipulate data.
To keep other people from messing with his data the API only works if you're
authenticated with test.example.org.

* FOO signs up for the personaldata.example.com Web service where you can
enter all kinds of personal information, such as your address, credit card
information, et cetera. Every shopping site that has a contract with
personaldata.example.com can then easily extract data out of it as long as
FOO is authenticated with personaldata.example.com which gives him a better
shopping experience.

* FOO enables cross-site access to his FOAF file and hopes everyone will
follow him so that the Tabulator http://www.w3.org/2005/ajar/tab becomes
easier to use/write/etc.