Reliable front-channel cross-domain communication

I’ve done some more investigation into how various browsers with various configurations behave when it comes to access to cookies through iframes, redirects, JSONP and images.

I have many use cases where you do not really want to redirect the user to a third party, because you lose control of the user, and you have no way to implement fall-backs from service interruptions on their side.

  • DiscoJuiceReadWrite protocol
  • Identity Federations Virtual Organisations Protocol Design
  • Feide’s Single-Logout implementation

This research is background material for selecting which method to use when doing reliable front-channel cross-domain communication.

I’ll be back with more information on this at a later time. The first preliminary results are that the test is extremely useful, as the behaviour varies a lot between browsers.

