- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Fri, 08 Mar 2013 17:25:22 +0100
- To: Tobie Langel <tobie@w3.org>
- Cc: Frederick.Hirsch@nokia.com, public-closingthegap@w3.org
(updating subject since this is focusing on a specific sub-topic of the thread)

On Friday 08 March 2013 at 17:01 +0100, Tobie Langel wrote:
> Could we list the possible threats to sharing cookie jars? Then see if
> isolation really mitigates them (or just shifts the problem
> elsewhere).

The threat I'm thinking of is being tracked across many other services (from the same company or not) when I stay logged in to a service (Facebook, Twitter, Google) because I use their associated tools on a regular basis.

> Can we look into mitigation strategies that still enable this
> seamless experience without trading security/privacy for it? Are there
> other options, outside of sharing cookie jars, that enable this kind
> of seamless experience?

I think the scenario you describe has two main components:

* making it easy for a user to log in seamlessly to a given service, without having to retype passwords — the combination of password handling by browsers, and technologies such as browserid can hopefully solve a lot of the needs in this space

* the interaction between a Web-app-in-browser and Web-app-as-first-class-citizen (or two of the latter type); in particular, how links are handled (when does a link end up where); and that certainly seems like a critical technical piece that would need to be handled (I'm not sure if SysApps has this in its plan)

Dom
Received on Friday, 8 March 2013 16:25:45 UTC