Securing HTML vs securing HTTP

Johannes Ernst at
Tue Jan 24 18:57:52 UTC 2006

On Jan 24, 2006, at 10:24, Josh Hoyt wrote:

> Also, the YADIS layer that is growing beneath OpenID and LID uses the
> same model as OpenID,

Ahem, no?

It *can* use the same model to support those people whose hosting  
provider does not cooperate, but I tend to think that the "right" way  
of implementing it is using the X-YADIS-Location HTTP header, which I  
think is more along the lines that Jens was thinking of.

But I think Jens raises a point we should not neglect. I don't think  
any of us have any perfect answers yet -- but maybe this discussion  
will jiggle somebody's brain waves suitably who then can all educate  
us! ;-) Plug-ins is a real issue. I keep thinking that the Java2  
security people had it right all along -- ClassLoader-based security  
-- but nobody ever picked up on it. Technology too early for its time  
-- in one way or another, it will have to be re-invented sooner or  
later. (And I'm only commenting on the architectural approach, not  
specific features that Java may or may not have)

Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
Url :
-------------- next part --------------

More information about the yadis mailing list