[prev in list] [next in list] [prev in thread] [next in thread]
List: www-p3p-dev
Subject: Re: Flash Cookies - LSO
From: Rigo Wenning <rigo () w3 ! org>
Date: 2011-07-04 7:18:08
Message-ID: 201107040918.08268.rigo () w3 ! org
[Download RAW message or body]
Dear Ranieri Pires,
This is not possible in P3P 1.0. The P3P Working Group had identified your
scenario and had specified this in the P3P 1.1 Specification.
http://www.w3.org/TR/P3P11/
2.3.2.9.1 OUR-HOST Extension
The OUR-HOST element allows sites to declare hosts that are owned by the
entity in the associated policy or that are acting as agents of that entity.
User agents may use this extension to distinguish between such a host and
actual third-party hosts.
Unfortunately, browsers never supported the P3P 1.1 Specification, so it
remained a Working Group Note.
As a consequence, you can't declare a same origin anywhere so far. Browsers
will assume that example1.org and example2.com are two different things and
they will apply their security policy to it accordingly.
Best,
Rigo Wenning
W3C Legal counsel
On Wednesday 29 June 2011 17:11:01 Ranieri Pires wrote:
> How to save a flash cookie Local Shared Objects (LSO) in 2 domains?
> Example: My SWF is in www.domain1.com, but I need the cookie (LSO) is
> recorded inwww.domain1.com and www.domain2.com. Is there a P3P policy that
> allows this?
>
>
>
>
>
> Ranieri
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic