for SSO, did you tried SAML or OAuth? On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote: > Nils, > > Thanks for your feedback. > > There are 3 web sites in Alibaba at least: taobao.com, tmall.com, etao.com. > all of them are using a same account management system including Sign up, > Sign in. > > The requirement is simple for the account management system. when user A > signed in taobao.com, we expect A is signed in tmall.com and etao.com. > > Regards, > Charlie > > > 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net> > >> Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800: >> >> > As privacy awareness becomes prevelant, the trend is that future >> > browsers are going to ban third-party Cookies by default. >> > >> > This is a good thing for users, but for giant internet companies, >> > this has no doubt increases the difficult and complexity of >> > implementing user session synchronization. >> >> I have a suspicion that the only thing that cannot be done easily >> without cookies is tracking – that is, pretending that a user has an >> account, but ensuring that she has not made that choice consciously. >> >> Everything else, so it seems to me, can be done RESTful. Am I wrong? >> >> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to >> > indicate which domains it would like to share Cookies with? >> > >> > The user account management system of Alibaba have encountered this >> > issues and been troubled by this issue. It there's a proposal like >> > this, it would be very nice. >> >> Can you elaborate? Why would an account management system need sessions? >> >> -- >> Nils Dagsson Moskopp // erlehmann >> <http://dieweltistgarnichtso.net> >> > > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Monday, 24 June 2013 01:09:32 UTC