>> 1. iframed content is not secure from the rest of the page (e.g. if you used 
>> 3rd party javascript, it could intercept credentials). A redirect flow 
>> avoids this.
> 
> Ryan, we can keep framed content secure from the rest of the page.

Is this true of non-Mozilla properties? What has changed since Persona days?

> We could theoretically support an iframe approach with the current 
> infrastructure. IMO, the rubber hits the road defining the UX. What would an 
> iframed approach look like?

Well luckily we have a design today that already looks somewhat like an overlay 
(just imagine the grey background darkening the relying website behind it). 

> Embedded? Overlay? Full page? We would need Maureen, Ryan, and John to 
> provide input here. (I would vote for light boxed-overlay.)

I should add that overlays are also problematic on mobile versions of varying 
screen size.

And also that Google seems to be pretty rigid about their redirect flow. It’s 
probably safe to assume that they made this decision carefully.

Ryan
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
