[prev in list] [next in list] [prev in thread] [next in thread]
List: whatwg
Subject: Re: [whatwg] Cross-Origin Cookies Sharing Proposal
From: Charlie Du <dh20156 () gmail ! com>
Date: 2013-06-25 1:44:13
Message-ID: 9F8CE942-199E-4C01-A43C-7BA7C577BC01 () gmail ! com
[Download RAW message or body]
Sure, it is an implementation issue, but I think the standardization should let it be \
easy. Like the tags header, footer... why we need them? right?
Regards
Charlie
ÔÚ 2013-6-25£¬8:49£¬Mountie Lee <mountie@paygate.net>
> I think it is about not for standardization issue but for implementation issue.
>
>
> On Mon, Jun 24, 2013 at 7:06 PM, Huan Du <dh20156@gmail.com> wrote:
> > Hi Mountie,
> >
> > I think they are different experiences. we want a smooth solution.
> >
> > Regards,
> > Charlie
> >
> >
> > 2013/6/24 Mountie Lee <mountie@paygate.net>
> > > for SSO,
> > > did you tried SAML or OAuth?
> > >
> > >
> > > On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote:
> > > > Nils,
> > > >
> > > > Thanks for your feedback.
> > > >
> > > > There are 3 web sites in Alibaba at least: taobao.com, tmall.com, etao.com. \
> > > > all of them are using a same account management system including Sign up, \
> > > > Sign in.
> > > > The requirement is simple for the account management system. when user A \
> > > > signed in taobao.com, we expect A is signed in tmall.com and etao.com.
> > > > Regards,
> > > > Charlie
> > > >
> > > >
> > > > 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
> > > > > Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800:
> > > > >
> > > > > > As privacy awareness becomes prevelant, the trend is that future
> > > > > > browsers are going to ban third-party Cookies by default.
> > > > > >
> > > > > > This is a good thing for users, but for giant internet companies,
> > > > > > this has no doubt increases the difficult and complexity of
> > > > > > implementing user session synchronization.
> > > > >
> > > > > I have a suspicion that the only thing that cannot be done easily
> > > > > without cookies is tracking ¨C that is, pretending that a user has an
> > > > > account, but ensuring that she has not made that choice consciously.
> > > > >
> > > > > Everything else, so it seems to me, can be done RESTful. Am I wrong?
> > > > >
> > > > > > Is it possible to, like Cross-Origin Resource Sharing, allow a site to
> > > > > > indicate which domains it would like to share Cookies with?
> > > > > >
> > > > > > The user account management system of Alibaba have encountered this
> > > > > > issues and been troubled by this issue. It there's a proposal like
> > > > > > this, it would be very nice.
> > > > >
> > > > > Can you elaborate? Why would an account management system need sessions?
> > > > >
> > > > > --
> > > > > Nils Dagsson Moskopp // erlehmann
> > > > > <http://dieweltistgarnichtso.net>
> > >
> > >
> > >
> > > --
> > > Mountie Lee
> > >
> > > PayGate
> > > CTO, CISSP
> > > Tel : +82 2 2140 2700
> > > E-Mail : mountie@paygate.net
> > >
> > > =======================================
> > > PayGate Inc.
> > > THE STANDARD FOR ONLINE PAYMENT
> > > for Korea, Japan, China, and the World
> > >
>
>
>
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
>
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic