[FoRK] DNT: another example of "you can't make this shit up"
sdw at lig.net
Mon Oct 15 10:40:34 PDT 2012

On 10/15/12 10:25 AM, Damien Morton wrote:
> On Thu, Oct 11, 2012 at 5:41 PM, Stephen D. Williams <sdw at lig.net> wrote:
>> We need something like cookies, at least some of the time.
> Oh yeah - when do "we" need cookies?
> What does a user do with a cookie? Nothing, they don't even see them.
> If you have a way of presenting something like a BrowserID - a crypto
> mashup of username/password/domain - any state can be stored server-side

Which can be implemented trivially with the cookie protocol syntax. Simply start adding it to browsers. For the server side,
you could retrofit existing applications with a reverse proxy. The proxy could translate a BrowserID, when present, to locally

Cookies are needed when the browser is in anonymous mode, even though cookies quickly lose real anonymity.

to replace a session key: The session key has to be unique to the session.

What about authentication stronger than username/password? How would a token- or PKI-authenticated session work?

Besides not leaving quite as much local information in browser local databases, and perhaps being nicer for cross-browser /
computer context continuity, what do you see as the benefits of BrowserID vs. cookies? They seem equivalent for many purposes.