2010/7/8 Michael D Adams <m...@automattic.com>:
> If an implementor needs cross domain functionality, there's a new,
> safer technology that allows both ends to whitelist who they talk to.
>
> Cross-document messaging
> http://www.w3.org/TR/html5/comms.html#crossDocumentMessages
>
> I'm not familiar with cross-document messaging or how well it's
> supported by browsers.
It is supported by Firefox 3+, IE 8+, Opera 9+, Safari 4+ and Chrome, so mostly IE 6/7 should be the problem (as usual ...). And, by the way, the controversial XAuth completely relies on this technique.

There could be one flow in which the authentication server, instead of redirecting, would pass the token through postMessage() with a targetOrigin that was pre-configured by the client, but I guess that is nothing for the core spec at this moment. Just an idea.

Regards,
Lukas Rosenstock
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
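
The flow sketched in the reply above, as an added example that is not part of the original thread: the server posts the token with the client's pre-registered targetOrigin, and the client accepts messages only from the server's origin. The origins, the registry, the token value and the `makeWindow` stand-in (which lets the sketch run outside a browser) are assumptions.

```javascript
// Constructed stand-in for a browser window so the sketch runs under Node.
// It mimics one rule: postMessage() delivers only when the receiver's origin
// equals targetOrigin (or targetOrigin is "*"). The boolean return value and
// the senderOrigin parameter are conveniences; browsers set event.origin.
function makeWindow(origin) {
  const listeners = [];
  return {
    addEventListener(type, fn) { if (type === "message") listeners.push(fn); },
    postMessage(data, targetOrigin, senderOrigin) {
      if (targetOrigin !== "*" && targetOrigin !== origin) return false; // dropped
      listeners.forEach((fn) => fn({ data, origin: senderOrigin }));
      return true;
    },
  };
}

const AUTH_ORIGIN = "https://auth.example"; // assumed server origin
// Assumed registry: targetOrigin each client configured in advance.
const REGISTERED = new Map([["client-1", "https://client.example"]]);

// Server side: send the token only to the registered origin, never to "*".
function deliverToken(clientId, openerWindow, token) {
  const targetOrigin = REGISTERED.get(clientId);
  if (!targetOrigin) throw new Error("unknown client");
  return openerWindow.postMessage({ type: "token", token }, targetOrigin, AUTH_ORIGIN);
}

// Client side: whitelist the sender by checking event.origin before use.
function listenForToken(win, onToken) {
  win.addEventListener("message", (event) => {
    if (event.origin !== AUTH_ORIGIN) return;
    if (!event.data || event.data.type !== "token") return;
    onToken(event.data.token);
  });
}

function demo() {
  const got = [];
  const client = makeWindow("https://client.example");
  listenForToken(client, (t) => got.push(t));
  const sent = deliverToken("client-1", client, "tok-123"); // constructed token
  // Same call when the opener is a different origin: nothing is delivered.
  const leaked = deliverToken("client-1", makeWindow("https://other.example"), "tok-123");
  // A message from another origin reaches the listener but is ignored.
  client.postMessage({ type: "token", token: "forged" }, "*", "https://other.example");
  return { sent, leaked, got };
}
console.log(demo());
```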