- From: Peter Williams <home_pw@msn.com>
- Date: Thu, 12 Jan 2012 07:24:00 -0800
- To: <melvincarvalho@gmail.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-W21D1EF56454EF988861AE929F0@phx.gbl>
it was intresting, but didnt map the notion of session onto SSL session - which is the security critical element. It seemed to be all about cookies (passing over a encrypted pipe) It was also very browser-centric, vs site centric. By being at the address bar level, it does seem to be tab-independent (allowing for those pesky multiple sessions, that I know caused us immense grief to deliver, once one adds websso session management). I didnt state the case of IE, when one has multiple windows open (each with a tab set). It didnt address IE's "new session" (that eliminate all cookies and SSL sessions for THAT instance of the browser, but not others supporting outlook ... or Active Desktop). It didnt state the case of resumed SSL sessions (on loading a new browser instance), or duplicated SSL sessions (when one uses cntrl-N) It seemed to be a little cookie manager, with even hook; and didnt quite hit the mark. But, it was interesting, none the less. Im not sure what happens to a real world user, who has 4+ browsers (PC work, PC home, phone, e-reader). Typically, pages (not browsers) are used for logon, since no two browsers are alike, but the users wants uniformity. > Date: Thu, 12 Jan 2012 13:29:23 +0100 > From: melvincarvalho@gmail.com > To: public-xg-webid@w3.org > Subject: Mozilla Login User Experience -- Sessions API > > Interesting how they do things: > > https://wiki.mozilla.org/Identity/Verified_Email_Protocol/Session_API >
Received on Thursday, 12 January 2012 15:24:36 UTC