Hi Sergiu!

Sergiu Dumitriu wrote:
>
> It is impossible to send a cookie for a domain that's not a substring of
> the current URL, since it would be a big security issue. Further, it is
> impossible to set cookies for a TLD (.com).
>
> One trick that might work, although I didn't try, is to use cross domain
> AJAX requests which add cookies, but this is not a bulletproof solution:
> - works only with JS
> - works only in browsers that understand cross-domain requests
>
> See https://developer.mozilla.org/en/HTTP_access_control and
> http://www.w3.org/TR/cors/
>
> But maybe you should try something else, like WebID
> http://webid.myxwiki.org/
>

As usual, you have sent a lot of food for thought in your message. Thanks! It will take me some time to digest all that. Probably mainly because the first step, to define the problem to be solved, is not so well done as desirable. Please, allow me to draft the user I'm facing here and send a couple of questions.

The community behind the wiki farm we are designing belongs to a number of different institutions. Each of these institutions has its own information system, but for one reason or another it doesn't fulfill the requirements of the aforementioned users. Also, all of them have a feeling of needing some kind of "different" environment that eases their lives concerning sharing information, knowledge and editing collaboratively different kinds of documents.

There are frequent cross-interests between groups. I mean, it is advisable for people from a given group to have some kind of access rights on documents belonging to another group.

They all feel comfortable accessing a new portal with a customized look and feel. But it is always easier to convince them to create a new TLD (on .net or .org for instance) domain than to have to explain why they must share the same root. In some cases this is simply not possible for "institutional image" reasons. That is why I would like to share cookies across domains more than having each of these groups using a virtual wiki sharing a common "base domain".

If, as you said, sharing cookies between domains is a major security risk, it seems to me that a system such as WebID is of great interest to deal with a situation such as the one described here. Please, could you tell me if I've well understood two key points:

1. The master or main wiki in our farm could be set up to issue WebID certificates on demand. These certificates could be issued to users with the correct credentials stored in an LDAP-enabled directory server and always using SSL communication.

2. Each virtual wiki in our farm could be set up to accept WebID certificates.

It will be up to each user to obtain a WebID certificate from the main wiki or keep using the plain old username/password system. Even though I can easily agree about the fact that most of the security issues in our systems are due to a bad or entirely lacking password policy, I am sure many users feel comfortable with this "apparently sure" system.

Any thought will be welcome!

Please, allow me just a final remark here addressed to all the XWiki community. I've recently managed to regain access to a way, almost lost, of using and trying to contribute to XWiki development. I am really impressed with the work done in the last 12 months. Of course it is not hard to impress me! But I am sure more skilled people are also impressed with the current XWiki state of development! Thanks for all the hard work!

Greetings,

Ricardo

--
Ricardo Rodríguez
CTO
eBioTIC. Life Sciences, Data Modeling and Information Management Systems
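
The cookie scoping rule quoted at the top of this message, as an added example that is not part of the original thread: a simplified JavaScript model of the RFC 6265 Domain checks, showing why a shared base domain works for a wiki farm while separate .net/.org domains cannot share a cookie. The hostnames and the short public-suffix list are constructed assumptions.

```javascript
// Simplified form of the RFC 6265 checks a browser applies to a Set-Cookie Domain attribute.
// PUBLIC_SUFFIXES is a tiny constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "co.uk"]);

// RFC 6265 section 5.1.3: host matches if identical to cookieDomain, or if it
// ends with "." + cookieDomain and is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// May a response from `host` set a cookie carrying this Domain attribute?
function evaluateSetCookie(host, domainAttr) {
  host = host.toLowerCase();
  if (!domainAttr) return { accepted: true, hostOnly: true, scope: host };
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (PUBLIC_SUFFIXES.has(domain)) {
    // Public suffix: only tolerated as a host-only cookie for that exact host.
    return host === domain
      ? { accepted: true, hostOnly: true, scope: host }
      : { accepted: false, reason: "Domain is a public suffix" };
  }
  if (!domainMatches(host, domain)) {
    return { accepted: false, reason: "Domain does not cover the responding host" };
  }
  return { accepted: true, hostOnly: false, scope: domain };
}

// Would a stored cookie be attached to a request for `host`?
function cookieSentTo(cookie, host) {
  if (!cookie.accepted) return false;
  return cookie.hostOnly ? host.toLowerCase() === cookie.scope : domainMatches(host, cookie.scope);
}

// Constructed wiki-farm hostnames (hypothetical, not taken from the thread).
const cases = [
  ["groupa.farm.example.org", "farm.example.org"], // shared base domain
  ["groupa.example.net", "groupb.example.org"],    // another group's own domain
  ["groupa.example.net", ".net"],                  // TLD-wide cookie
];
for (const [host, dom] of cases) {
  const r = evaluateSetCookie(host, dom);
  console.log(`${host} Domain=${dom}: ${r.accepted ? "accepted, scope " + r.scope : "rejected, " + r.reason}`);
}
```

Only the first case is accepted, which is why a single sign-on cookie needs the common base domain and the cross-TLD setup needs a different mechanism such as the certificate-based login discussed above.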
