There is an ongoing standardization process to work out a scheme to allow cross-domain ajax requests JSON-P is just a temporary workaround since it uses the script tag to make HTTP requests, which is inferior to the XMLHttpRequest object.
The proposed solution is based on letting the resource origin specify which domains that are allowed to make cross-domain requests, the domain "*" means that any other web page can host an application that makes requests to that specific resource.