Re: Origin-scoped cache/cookie/storage context

On Fri, Jan 10, 2014 at 6:09 PM, Nasko Oskov <nasko@chromium.org> wrote:
> We have actually attempted implementing such isolation based on ideas in a
> paper [ http://www.charlesreis.com/research/publications/ccs-2011.pdf ]
> by Charlie Reis, Adam Barth, et al.

Nice!


> The example scenario that is confusing for the user is a
> news site with social networking buttons, which when clicked lead to
> authentication prompts, even though the user is already logged into the
> social network.

Yeah, this feature does not seem ideal for that kind of site. I guess
the way iOS deals with this scenario is providing elevated access to
Facebook and Twitter, which works fine, but does not really scale well
and would not be a suitable solution on the web.


> Our decision was to try and achieve the same end result through different
> means, due to how we implement and enforce partitioning. We are currently
> working on the first piece needed to get us there.

Could you elaborate on this?


> If you are interested in gory details of why it didn't work as users expect
> it, let me know and I'll be happy to explain.

Assuming that once the user clicked the social network button that
would lead to some inline popup and not a top-level navigation, I
think I understand.


-- 
http://annevankesteren.nl/

Received on Saturday, 11 January 2014 16:44:05 UTC