Re: [whatwg] Cross-Origin Cookies Sharing Proposal

From: Charlie Du <dh20156@gmail.com>
Date: Tue, 25 Jun 2013 09:44:13 +0800
Message-Id: <9F8CE942-199E-4C01-A43C-7BA7C577BC01@gmail.com>
Cc: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>, "whatwg@whatwg.org" <whatwg@whatwg.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Kang-Hao Lu <kennyluck@w3.org>, 程劭非 <csf178@gmail.com>, 一丝冰凉 <yiorsi@gmail.com>
To: Mountie Lee <mountie@paygate.net>

Sure, it is an implementation issue, but I think the standardization should make it easy. Like the tags header, footer... why do we need them? Right?

Regards
Charlie

On 2013-6-25, at 8:49, Mountie Lee <mountie@paygate.net> wrote:

> I think it is not a standardization issue but an implementation issue.
> 
> 
> On Mon, Jun 24, 2013 at 7:06 PM, Huan Du <dh20156@gmail.com> wrote:
>> Hi Mountie,
>> 
>> I think they are different experiences. We want a smooth solution.
>> 
>> Regards,
>> Charlie
>> 
>> 
>> 2013/6/24 Mountie Lee <mountie@paygate.net>
>>> For SSO,
>>> did you try SAML or OAuth?
>>> 
>>> 
>>> On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote:
>>>> Nils,
>>>> 
>>>> Thanks for your feedback.
>>>> 
>>>> There are at least 3 web sites in Alibaba: taobao.com, tmall.com, etao.com. All of them use the same account management system, including sign up and sign in.
>>>> 
>>>> The requirement is simple for the account management system. When user A signs in to taobao.com, we expect A to be signed in to tmall.com and etao.com.
>>>> 
>>>> Regards,
>>>> Charlie
>>>> 
>>>> 
>>>> 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>
>>>>> Huan Du <dh20156@gmail.com> wrote on Fri, 21 Jun 2013 19:49:39 +0800:
>>>>> 
>>>>> > As privacy awareness becomes prevalent, the trend is that future
>>>>> > browsers are going to ban third-party Cookies by default.
>>>>> >
>>>>> > This is a good thing for users, but for giant internet companies,
>>>>> > this no doubt increases the difficulty and complexity of
>>>>> > implementing user session synchronization.
>>>>> 
>>>>> I have a suspicion that the only thing that cannot be done easily
>>>>> without cookies is tracking – that is, pretending that a user has an
>>>>> account, but ensuring that she has not made that choice consciously.
>>>>> 
>>>>> Everything else, so it seems to me, can be done RESTful. Am I wrong?
>>>>> 
>>>>> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to
>>>>> > indicate which domains it would like to share Cookies with?
>>>>> >
>>>>> > The user account management system of Alibaba has encountered this
>>>>> > issue and been troubled by this issue. If there's a proposal like
>>>>> > this, it would be very nice.
>>>>> 
>>>>> Can you elaborate? Why would an account management system need sessions?
>>>>> 
>>>>> --
>>>>> Nils Dagsson Moskopp // erlehmann
>>>>> <http://dieweltistgarnichtso.net>
>>> 
>>> 
>>> 
>>> -- 
>>> Mountie Lee
>>> 
>>> PayGate
>>> CTO, CISSP
>>> Tel : +82 2 2140 2700
>>> E-Mail : mountie@paygate.net
>>> 
>>>  =======================================
>>> PayGate Inc.
>>> THE STANDARD FOR ONLINE PAYMENT
>>> for Korea, Japan, China, and the World
>>> 
Received on Tuesday, 25 June 2013 01:44:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC