<html><head></head><body bgcolor="#FFFFFF"><div>I am not worried too much. </div><div>If the browser setting gets so restrictive that iframes cannot even read the local storage, many apps are likely to cease to work. So, that probably will not become the default. </div>
<div><br></div><div>On the other hand, if the use is savvy enough to set the restriction, he is likely to be able to put his IdP in the exception list, so session management will still work for him. </div><div><br></div><div>
<br>=nat via iPhone</div><div><br>On Sep 15, 2012, at 5:56 PM, Torsten Lodderstedt <<a href="mailto:torsten@lodderstedt.net">torsten@lodderstedt.net</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
Hi all,<br>
<br>
<div class="moz-cite-prefix">Am 13.09.2012 17:04, schrieb Mike
Jones:<br>
</div>
<blockquote cite="mid:4E1F6AAD24975D4BA5B1680429673943667C3169@TK5EX14MBXC284.redmond.corp.microsoft.com" type="cite">
<p class="MsoNormal"> #650 Session - Dependency on
Third Party Cookies</p>
<p class="MsoNormal"> Nat
recommends "Won't Fix"</p>
<p class="MsoNormal"> We will say
that session management is dependent upon inter-site
communication through the browser</p>
<br>
</blockquote>
Does this mean to ignore the fact that browsers are restrictive and
probably will become even more restrictive on iframes and cookies? I
fear this will render the session management useless.<br>
<br>
regards,<br>
Torsten.<br>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Openid-specs-ab mailing list</span><br><span><a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a></span><br>
<span><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br></div></blockquote></body></html>