Special purpose User-Agents
Ask Bjørn Hansen
ask at develooper.com
Mon Aug 1 00:07:46 PDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jul 31, 2005, at 22:19, David Kolf wrote:
> Would it be possible to submit an extra value "openid.password=xyz" in
> the check_immediate mode to the identity server? This would not be
> very
> safe, but the login cookie that is currently used by the browser is no
> safer.
No, the "login cookie" is about a billion times safer. :-)
Unless I'm misunderstanding what part of the process you are
referring to, then it doesn't have to be a cookie. The identity
server can be on your local network and only allow people on the
local network to login for instance. (And it can use SSL, Digest-
Auth, Kerberos or anything else the browser and identity server can
agree on).
- ask
- --
http://askask.com/ - http://develooper.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iQCVAwUBQu3KRfkoKP1ixIspAQKY5QP+PJhZZSuI0T/SYFnIb/htskV2S6KZMJSM
EsL9gMYLruJeSIvEEUu7XgO1HOJ20UfCPrsudRupHb6ot6lbYRneKUReC2mFBBgw
azXuRmZNxSXK3JI+5p220lOxlMOC5cpX+0ZsbMZSJfelYRqpOQ1EDp8Ehm3Rm9yn
pYMV2mF87X0=
=/oJU
-----END PGP SIGNATURE-----
More information about the yadis
mailing list