Securing HTML vs securing HTTP
Johannes Ernst
jernst+lists.danga.com at netmesh.us
Tue Jan 24 18:57:52 UTC 2006
On Jan 24, 2006, at 10:24, Josh Hoyt wrote:
> Also, the YADIS layer that is growing beneath OpenID and LID uses the
> same model as OpenID,
Ahem, no?
It *can* use the same model to support those people whose hosting
provider does not cooperate, but I tend to think that the "right" way
of implementing it is using the X-YADIS-Location HTTP header, which I
think is more along the lines that Jens was thinking of.
But I think Jens raises a point we should not neglect. I don't think
any of us have any perfect answers yet -- but maybe this discussion
will jiggle somebody's brain waves suitably who then can all educate
us! ;-) Plug-ins is a real issue. I keep thinking that the Java2
security people had it right all along -- ClassLoader-based security
-- but nobody ever picked up on it. Technology too early for its time
-- in one way or another, it will have to be re-invented sooner or
later. (And I'm only commenting on the architectural approach, not
specific features that Java may or may not have)
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/yadis/attachments/20060124/c1eca5e1/lid.gif
-------------- next part --------------
http://netmesh.info/jernst
More information about the yadis
mailing list