On Tue, Sep 29, 2015 at 2:24 PM, Hodges, Jeff <jeff.hod...@paypal.com> wrote:
> that is what is explained in > http://identitymeme.org/http-cookie-processing-algorithm-etlds/ > In the case of FIDO though, I am guessing these are just rules for scoping App IDs, and both parties must "agree" (via JS running and contained via SOP) on the common App ID to use, unlike cookies where the cookie recipient has no power, only the cookie setter... -- Tony Arcieri
