On Sat, Mar 12, 2016 at 3:48 AM, Martin Thomson <[email protected]> wrote: > Now that is a frightening observation. Is this creating a more persistent > (pernicious?) tracking mechanism?
It should be identical to password manager integration. > In that case, credentials stored by a site should last no longer than > cookies. Credentials created by a user maybe can live longer. How do you distinguish the two if the access is through a UI-mediated API? If we think this API should have no more power than storage/cookies, there's not much point in having this API. A site could then simply remember the federation provider itself, and such, and lose it whenever the user is done with the site (or has visited enough other sites). -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
