> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 18, 2005 12:12 PM
> To: CF-Talk
> Subject: RE: Cross domain quandry
> 
> You could use an image in one domain, and have that image served by a CF
> page on the other domain. You could pass a token in the IMG tag that would
> let you track the user in both domains simultaneously.

We've done this and it's worked well.

However one caveat: you must place a CPP (Compact Privacy Statement) on both
servers for this to work under the P3P (Platform for Privacy Policy).
Browsers (like IE 6) that support this won't set cookies from a third party
server unless the CPP exists.

Look up P3P at www.w3c.org or google it for more information.

I think for your stated issue that should work very well.


For a more complex implementation we've also created a rather clever (if I
do say so myself) "Cross Application Trust" system.  The major benefit to
this is that it allows apps to define "trust relationships" between
themselves.  Each application declares certain assertions (variable names
and types and such) that can be tested and updated automatically by trusted
apps.

When an application moves from one to another it passes a bundle of
encrypted information.  This information is then checked against the
assertions - if they're okay then you can get in and the new app "knows"
that certain variables are available to it without further fuss and muss.

The application chain is maintained as an ordered "Stack" of identity
information.  The HUGE win for us here is that it allows us to alias users
as other users since each app can have a different identity in its stack
element.  Although the user is aliased as another user on a system the stack
contains the source information to allow for various entitlement management.

This allows, for example, a customer service rep to log in to the customer
service application, then choose a financial rep from the extranet
application and enter the extranet (via the trust relationship) as that rep.
They might then choose a customer from the customer-facing application and
enter that (again via a trust relationship) as that customer.

So you have the ability for a service rep to see exactly what a rep and a
customer see.  The applications involved still know that it's a service rep
because they can look at the stack chain and if they needed to they could
limit access in some cases.  For example while a Rep can see a customer's
accounts they can't change a customer's address.

Finally this whole mess is stored in a home-grown metrics application which
allows us to examine activity on customer accounts and know if the customer
or some aliased financial rep or service rep was the user involved.

Sorry for the book - I'm actually quite pleased with this system.  ;^)  It's
written in CF 4.5 and has worked wonders for us for several years now and is
still more capable in what it does than any of the Websphere systems that
will be taking its place.

Jim Davis
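
A sketch of the trust hand-off and identity stack described in the message above, added here as an example; it is not code from the system the message describes. The app names, keys, variable names and the address rule's encoding are assumptions, and the bundle is authenticated with HMAC-SHA256 rather than encrypted, so it is tamper-evident but readable.

```python
import base64, hashlib, hmac, json

# Constructed sample data: one shared key per trust relationship (source, destination)
# and the variables each destination app asserts it must receive.
TRUST = {("service", "extranet"): b"constructed-key-1",
         ("extranet", "customer"): b"constructed-key-2"}
ASSERTIONS = {"extranet": {"rep_id": int}, "customer": {"customer_id": int}}

def hand_off(src, dst, stack, user, variables, now, ttl=60):
    """Source side: push the identity to use in dst, then sign the bundle."""
    key = TRUST[(src, dst)]                      # KeyError: no trust relationship
    body = json.dumps({"src": src, "dst": dst, "exp": now + ttl, "vars": variables,
                       "stack": stack + [{"app": dst, "user": user}]}).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()

def accept(dst, claimed_src, bundle, now):
    """Destination side: verify trust, integrity, freshness and assertions."""
    key = TRUST.get((claimed_src, dst))
    if key is None:
        raise PermissionError("no trust relationship")
    raw = base64.urlsafe_b64decode(bundle)
    tag, body = raw[:32], raw[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise PermissionError("bundle modified or signed with another key")
    data = json.loads(body)
    if (data["src"], data["dst"]) != (claimed_src, dst) or now > data["exp"]:
        raise PermissionError("wrong route or expired")
    for name, typ in ASSERTIONS[dst].items():
        if type(data["vars"].get(name)) is not typ:
            raise ValueError(f"assertion failed: {name}")
    return data

def may_change_address(stack):
    """Only a customer who logged in directly (no alias chain) may edit the address."""
    return len(stack) == 1 and stack[0]["app"] == "customer"

def demo():
    """Service rep enters the extranet as a rep, then the customer app as a customer."""
    stack = [{"app": "service", "user": "csr_jane"}]          # original login
    b1 = hand_off("service", "extranet", stack, "rep_42", {"rep_id": 42}, now=1000)
    at_extranet = accept("extranet", "service", b1, now=1010)
    b2 = hand_off("extranet", "customer", at_extranet["stack"], "cust_1001",
                  {"customer_id": 1001}, now=1020)
    return accept("customer", "extranet", b2, now=1030)
```

Because each hop appends to the stack instead of replacing the identity, the last app still sees `csr_jane` as the origin and can log or restrict actions accordingly.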





Message: http://www.houseoffusion.com/lists.cfm/link=i:4:199374