Seemless Single Signon
mart at degeneration.co.uk
Fri May 20 09:10:27 PDT 2005
Sam Ruby wrote:
> In the AJAX or classic fallbacks, I can see some value in not even
> allowing the creating of the iframe, etc; but we are talking about the
> browser plugin seemless single signon here, right?
When a browser plugin is in play, the user's click on the
plugin-provided "Log in!" implies permission. However, the protocol as
it stands can't differentiate between the plugin making the request and
some script on the site making the request, so it asks you for
authorization in both cases.
I agree that it would be nice if the plugin could bypass the
authorization stage, but I'm not sure how that can be done without
opening up a privacy hole since the page can (in theory) do anything
that the plugin can.
More information about the yadis