Re: [whatwg] Cross-Origin Cookies Sharing Proposal

From: Mountie Lee <mountie@paygate.net>
Date: Tue, 25 Jun 2013 09:49:36 +0900
Message-ID: <CAE-+aYKUSVz5inGQEvHtC3DfX6fS_ehAVor_9+MdG4cxp5YF4A@mail.gmail.com>
To: Huan Du <dh20156@gmail.com>
Cc: 程劭非 <csf178@gmail.com>, 一丝冰凉 <yiorsi@gmail.com>

I think it is not a standardization issue but an implementation
issue.


On Mon, Jun 24, 2013 at 7:06 PM, Huan Du <dh20156@gmail.com> wrote:

> Hi Mountie,
>
> I think they are different experiences. We want a smooth solution.
>
> Regards,
> Charlie
>
>
> 2013/6/24 Mountie Lee <mountie@paygate.net>
>
>> For SSO,
>> did you try SAML or OAuth?
>>
>>
>> On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote:
>>
>>> Nils,
>>>
>>> Thanks for your feedback.
>>>
>>> There are at least 3 web sites in Alibaba: taobao.com, tmall.com,
>>> etao.com. All of them use the same account management system,
>>> including sign up and sign in.
>>>
>>> The requirement is simple for the account management system. When user
>>> A signs in to taobao.com, we expect A to be signed in to tmall.com and etao.com.
>>>
>>> Regards,
>>> Charlie
>>>
>>>
>>> 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
>>>
>>>> Huan Du <dh20156@gmail.com> wrote on Fri, 21 Jun 2013 19:49:39 +0800:
>>>>
>>>> > As privacy awareness becomes prevalent, the trend is that future
>>>> > browsers are going to ban third-party Cookies by default.
>>>> >
>>>> > This is a good thing for users, but for giant internet companies,
>>>> > this no doubt increases the difficulty and complexity of
>>>> > implementing user session synchronization.
>>>>
>>>> I have a suspicion that the only thing that cannot be done easily
>>>> without cookies is tracking - that is, pretending that a user has an
>>>> account, but ensuring that she has not made that choice consciously.
>>>>
>>>> Everything else, so it seems to me, can be done RESTful. Am I wrong?
>>>>
>>>> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to
>>>> > indicate which domains it would like to share Cookies with?
>>>> >
>>>> > The user account management system of Alibaba has encountered this
>>>> > issue and been troubled by this issue. If there's a proposal like
>>>> > this, it would be very nice.
>>>>
>>>> Can you elaborate? Why would an account management system need sessions?
>>>>
>>>> --
>>>> Nils Dagsson Moskopp // erlehmann
>>>> <http://dieweltistgarnichtso.net>
>>>>
>>>
>>>
>>
>>
>> --
>> Mountie Lee
>>
>> PayGate
>> CTO, CISSP
>> Tel : +82 2 2140 2700
>> E-Mail : mountie@paygate.net
>>
>>  =======================================
>> PayGate Inc.
>> THE STANDARD FOR ONLINE PAYMENT
>> for Korea, Japan, China, and the World
>>
>>
>>
>


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World

Received on Tuesday, 25 June 2013 00:50:25 UTC