Cross-site Preference Lookup

For the CDS/PDS to work in a standard scenario, a general website, such as gothamtimes.com, needs the ability to lookup a user's PDS, and then lookup the user's preferences from that PDS.

There are three types of cross-site communication which could be used:

1) iframe redirect

    • A web page may create an iframe src tag pointing to a discovery service. The iframe URL will encode a message for the discovery service. The discovery service will respond with a 302 redirect back to the requesting site. The redirect URL will encode a response message for the requesting site.

    • This type of communication will be used for all transactions that require authentication of the requesting site, but do not require the user's explicit approval. This technique would be used for requesting access to site-specific preferences (such as a per-site override of a privacy preference) that cannot be made public to all other sites.

    • This type of communication might be used for cases where the data being requested is public, but the security risks of jsonp (see next technique) are unacceptable.

    • The principal limitation of this approach is bandwidth: the request and response message must fit within URL length limitations (hundreds of bytes).

2) JSONP

    • A web page may create a script src tag to a discovery service: <script src=http://cds.com/data?callback=func>. The discovery service will return javascript that invokes the callback function with information about a user.

    • This type of communication may be used for transactions that don't require authentication of the requester (sharing public data) and the response is expected to be large.

    • The request message is subject to URL length limitations, but the response message can be very large.

    • This approach gives the discovery service the ability to run script in the domain of the requester, so a malicious or compromised discovery service can be very dangerous. Some requesters will not accept this risk and will only use iframe redirects, or will only use this technique with highly trusted PDS providers

3) CSS

    • A web page may source CSS from a discovery service: <link rel=style type=text/css href=http://cds.com/cssdata>. The discovery service will return CSS style information that includes information about a user.

    • This type of communication may be used for transactions that don't require authentication of the requester (sharing public data) and the response is expected to be large.

    • The request message is subject to URL length limitations, but the response message can be very large.

    • Some browsers (IE and FF2, see http://code.google.com/p/browsersec/wiki/Part1#Cascading_stylesheets) allow CSS to include javascript, so a malicious or compromised discovery service can be very dangerous in those browsers. Browsers that don't allow javascript in CSS will have better security with the CSS approach than with the jsonp approach.