W3C home > Mailing lists > Public > www-p3p-dev@w3.org > July 2011

Re: Flash Cookies - LSO

From: Rigo Wenning <rigo@w3.org>
Date: Mon, 4 Jul 2011 09:18:08 +0200
To: www-p3p-dev@w3.org, ranieri.pires@tqi.com.br, privacy <public-privacy@w3.org>
Message-Id: <201107040918.08268.rigo@w3.org>
Dear Ranieri Pires, 

This is not possible in P3P 1.0. The P3P Working Group had identified your 
scenario and had specified this in the P3P 1.1 Specification. 
http://www.w3.org/TR/P3P11/

2.3.2.9.1 OUR-HOST Extension

The OUR-HOST element allows sites to declare hosts that are owned by the 
entity in the associated policy or that are acting as agents of that entity. 
User agents may use this extension to distinguish between such a host and 
actual third-party hosts.

Unfortunately, browsers never supported the P3P 1.1 Specification, so it 
remained a Working Group Note. 

As a consequence, you can't declare a same origin anywhere so far. Browsers 
will assume that example1.org and example2.com are two different things and 
they will apply their security policy to it accordingly. 

Best, 

Rigo Wenning
W3C Legal counsel


On Wednesday 29 June 2011 17:11:01 Ranieri Pires wrote:
> How to save a flash cookie Local Shared Objects (LSO) in 2 domains?
> Example: My SWF is in www.domain1.com, but I need the cookie (LSO) is
> recorded inwww.domain1.com and www.domain2.com. Is there a P3P policy that
> allows this?
> 
> 
> 
> 
> 
> Ranieri
> 
Received on Monday, 4 July 2011 07:18:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 4 July 2011 07:18:44 GMT