Re: [whatwg] Cross-Origin Cookies Sharing Proposal

for SSO,
did you tried SAML or OAuth?


On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote:

> Nils,
>
> Thanks for your feedback.
>
> There are 3 web sites in Alibaba at least: taobao.com, tmall.com, etao.com.
> all of them are using a same account management system including Sign up,
> Sign in.
>
> The requirement is simple for the account management system. when  user A
> signed in taobao.com, we expect A is signed in tmall.com and etao.com.
>
> Regards,
> Charlie
>
>
> 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
>
>> Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800:
>>
>> > As privacy awareness becomes prevelant, the trend is that future
>> > browsers are going to ban third-party Cookies by default.
>> >
>> > This is a good thing for users, but for giant internet companies,
>> > this has no doubt increases the difficult and complexity of
>> > implementing user session synchronization.
>>
>> I have a suspicion that the only thing that cannot be done easily
>> without cookies is tracking – that is, pretending that a user has an
>> account, but ensuring that she has not made that choice consciously.
>>
>> Everything else, so it seems to me, can be done RESTful. Am I wrong?
>>
>> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to
>> > indicate which domains it would like to share Cookies with?
>> >
>> > The user account management system of Alibaba  have encountered this
>> > issues and been troubled by this issue. It there's a proposal like
>> > this, it would be very nice.
>>
>> Can you elaborate? Why would an account management system need sessions?
>>
>> --
>> Nils Dagsson Moskopp // erlehmann
>> <http://dieweltistgarnichtso.net>
>>
>
>


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World