- From: Charlie Du <dh20156@gmail.com>
- Date: Tue, 25 Jun 2013 09:44:13 +0800
- To: Mountie Lee <mountie@paygate.net>
- Cc: Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "whatwg@whatwg.org" <whatwg@whatwg.org>, һ˿±ùÁ¹ <yiorsi@gmail.com>, ³ÌÛ¿·Ç <csf178@gmail.com>, Kang-Hao Lu <kennyluck@w3.org>
Sure, it is an implementation issue, but I think the standardization should let it be easy. Like the tags header, footer... why we need them? right? Regards Charlie ÔÚ 2013-6-25£¬8:49£¬Mountie Lee <mountie@paygate.net> > I think it is about not for standardization issue but for implementation issue. > > > On Mon, Jun 24, 2013 at 7:06 PM, Huan Du <dh20156@gmail.com> wrote: >> Hi Mountie, >> >> I think they are different experiences. we want a smooth solution. >> >> Regards, >> Charlie >> >> >> 2013/6/24 Mountie Lee <mountie@paygate.net> >>> for SSO, >>> did you tried SAML or OAuth? >>> >>> >>> On Sat, Jun 22, 2013 at 12:00 PM, Huan Du <dh20156@gmail.com> wrote: >>>> Nils, >>>> >>>> Thanks for your feedback. >>>> >>>> There are 3 web sites in Alibaba at least: taobao.com, tmall.com, etao.com. all of them are using a same account management system including Sign up, Sign in. >>>> >>>> The requirement is simple for the account management system. when user A signed in taobao.com, we expect A is signed in tmall.com and etao.com. >>>> >>>> Regards, >>>> Charlie >>>> >>>> >>>> 2013/6/22 Nils Dagsson Moskopp <nils@dieweltistgarnichtso.net> >>>>> Huan Du <dh20156@gmail.com> schrieb am Fri, 21 Jun 2013 19:49:39 +0800: >>>>> >>>>> > As privacy awareness becomes prevelant, the trend is that future >>>>> > browsers are going to ban third-party Cookies by default. >>>>> > >>>>> > This is a good thing for users, but for giant internet companies, >>>>> > this has no doubt increases the difficult and complexity of >>>>> > implementing user session synchronization. >>>>> >>>>> I have a suspicion that the only thing that cannot be done easily >>>>> without cookies is tracking ¨C that is, pretending that a user has an >>>>> account, but ensuring that she has not made that choice consciously. >>>>> >>>>> Everything else, so it seems to me, can be done RESTful. Am I wrong? >>>>> >>>>> > Is it possible to, like Cross-Origin Resource Sharing, allow a site to >>>>> > indicate which domains it would like to share Cookies with? >>>>> > >>>>> > The user account management system of Alibaba have encountered this >>>>> > issues and been troubled by this issue. It there's a proposal like >>>>> > this, it would be very nice. >>>>> >>>>> Can you elaborate? Why would an account management system need sessions? >>>>> >>>>> -- >>>>> Nils Dagsson Moskopp // erlehmann >>>>> <http://dieweltistgarnichtso.net> >>> >>> >>> >>> -- >>> Mountie Lee >>> >>> PayGate >>> CTO, CISSP >>> Tel : +82 2 2140 2700 >>> E-Mail : mountie@paygate.net >>> >>> ======================================= >>> PayGate Inc. >>> THE STANDARD FOR ONLINE PAYMENT >>> for Korea, Japan, China, and the World >>> > > > > -- > Mountie Lee > > PayGate > CTO, CISSP > Tel : +82 2 2140 2700 > E-Mail : mountie@paygate.net > > ======================================= > PayGate Inc. > THE STANDARD FOR ONLINE PAYMENT > for Korea, Japan, China, and the World >
Received on Tuesday, 25 June 2013 01:44:44 UTC