Re: Follow-up. Re: Use case: Authenticate using eID

Le 13/05/2013 20:38, Arun Ranganathan a écrit :
> On May 13, 2013, at 1:49 PM, Aymeric Vitte wrote:
>> I have suggested too :
>> To be more clear, only a combination of link above and links below is feasible, and that's not a hack, neither a hook, that's the web.
> +1, but bookmarklet use here cannot possibly be good and so shouldn't be considered a viable answer to Mountie's question :-(

Mountie's, Karen's or others, I am not saying that's a fantastic 
solution (as well as iframes uses), but I don't see another one.

>> And I believe "super cookie" is not the web, but you can consider indexedDB as a mega cookie.
> Any client-side storage mechanism can be invoked by colluding origins for different purposes, but the difference is that you don't get HTTP behavior or XHR in withCredentials mode (but you knew that).  If they aren't in collusion, then it's likely to be a hack.

In another email, you wrote "2. The key can be shared with origin 2 via 
cross-origin messaging." 
(, I 
don't see how CORS could apply here, withCredentials or not, CORS is 
only about sending/receiving things to/from other origins and sharing 
some stringyfiable things or cookies uses, you can not share keys, the 
best you can do is to send some information to allow another origin to 
find the keys.

Maybe I am missing something but what is the idea here?

>> I have not thought a lot to eID case, maybe a more detailed example including requirements/restrictions could help to try writing it and see if it's feasible as such.
> Depending if the eID use case can work within a "cooperating origins" model (to be contrasted with collusion), we may have something here.  If not, I defer to Nick VDB:

What is unclear for me in the eID example is what is secret and what is not.

I have read several time Nick's description, maybe something a little 
bit more detailed could help.

> -- A*

Email :
iAnonym :
node-Tor :
GitHub :
Web :
Webble :
Extract Widget Mobile :
BlimpMe! :

Received on Monday, 13 May 2013 20:36:44 UTC