Re: [Taler] denomination manipulation

[Jeff Burdges]

On Fri, 2015-11-27 at 07:56 +0100, Christian Grothoff wrote:

> 1) well-behaved Mint's don't set/use session cookies; thus:
> 2) we can certainly disable them client-side for this connection,
> which
>    is not the normal connection of the client via the browser window,
>    but really an administrative operation of the wallet hidden from
> the
>    end-user.

Alright, that's helpful if it can be done.

> 3) are you confusing shopping with grabbing /keys? The two happen
>    at very different times. Shopping often uses sessions, Taler mint
>    interactions never do.

No, I'm discussing information available to the mint 

> > If the wallet does cache the denomination keys,
> It also does that, yes. Or at least is supposed to eventually -- I 
> don't think it does today. But more as an optimization.

> > then you need to make
> > them to login before your web page informs the wallet that it's
> > visiting a mint. 
> 
> First of all, this one is expected to happen rarely.

The frequency doesn't matter, the only question is if the mint knows
who calls /keys. 

So the question is : Why does the wallet fetch /keys?  

It's always because the customer visits a mint's web page that
identifies itself, yes?  That gives the mint control over when this
happens.  In particular, if a mint asks that customers login before
revealing itself to the wallet, then that's potentially problematic,
depending upon the mint's userbase size. 

We cannot necessarily control this outright, but we can influence it by
making the Taler browser icon useful as soon as a customer visits a
mint page.  If clicked, it could offer information like the wallet's
balance, information about the mint, maybe an option to login to the
mint, etc.  This would encourage mints to identify themselves to the
wallet quickly.

Jeff

signature.asc
Description: This is a digitally signed message part