Skip to Content.
Sympa Menu

shibboleth-dev - RE: [Shib-Dev] Central WAYF + Distributed WAYF - Disadvantages = Embedded WAYF

Subject: Shibboleth Developers

List archive

RE: [Shib-Dev] Central WAYF + Distributed WAYF - Disadvantages = Embedded WAYF


Chronological Thread 
  • From: Peter Williams <>
  • To: "" <>
  • Subject: RE: [Shib-Dev] Central WAYF + Distributed WAYF - Disadvantages = Embedded WAYF
  • Date: Mon, 22 Dec 2008 08:50:25 -0800
  • Accept-language: en-US
  • Acceptlanguage: en-US

http://www.w3.org/TR/P3P11/#oho


For research only. Even if the p3p is signed, don't assume implementations
would use the expression to implement the type of zone based firewall seen in
ie, which implements a (non crypto) confidentiality service.

Like most commercial sites, we download signed script to populate the rules
of the zone-based firewall in ie. Its authorization statements induce the
browser to avoid warning users of information flows beween https namespaces,
for example.

-----Original Message-----
From: Lukas Haemmerle
<>
Sent: Monday, December 22, 2008 7:52 AM
To:


<>
Subject: Re: [Shib-Dev] Central WAYF + Distributed WAYF - Disadvantages =
Embedded WAYF


> I too don't understand exactly what I'm advertising, the P3P spec is too
> big and I don't have time for it. It started to work and that's it. :)

Yeah, what's more. I don't see the point of all this... This whole P3P
is based purely on self-declaration and therefore in my opinion not of
much use as far as I have understood the concept in the fairly short
amount of time I was willing to spend on this ;)

I tested again and surprisingly it seems that IE indeed is blocking the
cookies with or without this header. Nevertheless, IE seems in some
cases to preselect the right entry in the drop down list even if cookies
are blocked (I haven't checked if it really doesn't send them but at
least IE says it blocked the cookie... and I wouldn't dare not to trust
Microsoft, would I :) ? ). This even is the case across restarts of IE...
So, I assumed it could have to do something with IE remembering entries
from some drop down lists provided name/id of the form/select element.
However, this also didn't turn out to be the case because renaming form
and select element didn have any effect either. So, right now I don't
really know why it seems to unless I delete the cookies in the temp
folder and do a restart.

Lukas

--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
http://www.switch.ch



Archive powered by MHonArc 2.6.16.

Top of Page