Re: SOP wiki was: A Somewhat Critical View of SOP (Same Origin Policy)

On Tue, Sep 29, 2015 at 2:24 PM, Hodges, Jeff <jeff.hodges@paypal.com>
wrote:

> that is what is explained in
> http://identitymeme.org/http-cookie-processing-algorithm-etlds/
>

In the case of FIDO though, I am guessing these are just rules for scoping
App IDs, and both parties must "agree" (via JS running and contained via
SOP) on the common App ID to use, unlike cookies where the cookie recipient
has no power, only the cookie setter...


-- 
Tony Arcieri

Received on Tuesday, 29 September 2015 22:01:59 UTC