[Openid-specs-ab] Spec call notes 13-Sep-12
sakimura at gmail.com
Sat Sep 15 12:10:40 UTC 2012
I am not worried too much.
If the browser setting gets so restrictive that iframes cannot even read
the local storage, many apps are likely to cease to work. So, that probably
will not become the default.
On the other hand, if the use is savvy enough to set the restriction, he is
likely to be able to put his IdP in the exception list, so session
management will still work for him.
=nat via iPhone
On Sep 15, 2012, at 5:56 PM, Torsten Lodderstedt <torsten at lodderstedt.net>
Am 13.09.2012 17:04, schrieb Mike Jones:
#650 Session - Dependency on Third Party Cookies
Nat recommends "Won't Fix"
We will say that session management is
dependent upon inter-site communication through the browser
Does this mean to ignore the fact that browsers are restrictive and
probably will become even more restrictive on iframes and cookies? I fear
this will render the session management useless.
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab