Seemless Single Signon
mart at degeneration.co.uk
Fri May 20 07:34:18 PDT 2005
Sam Ruby wrote:
> From the user's point of view, they are the ones authoring the post.
> Why do they need to give themselves permission to do so?
They don't give themselves permission, they give the ID server
permission to assert their identity. LiveJournal's ID server has a "Yes;
never ask me again" option which allows future assersions on the same
site without agreeing again.
The idea here is to stop sites checking on users without their
permission. It's true that their ability to do this is limited -- they
can only check for specific IDs, rather than asking "who is logged in?"
-- the concern is there.
It's likely that ID servers will provide the option for certain users to
never be asked for permission again for any site, at which point they
will never see the approval page again.
More information about the yadis