Browser plug-in

meepbear * meepbear at hotmail.com
Wed Jul 6 09:39:05 PDT 2005


>Here's the problem:  if I have code auto-login (or auto-insert my
>username into openid fields), then remote sites can grab it and see
>who I am without authorizing it.  Simply attach an event handler to
>the text box, or a timer that waits until after the plugin fires,
>etc...
>
>With that said, yeah, it'd be about four lines of Greasemonkey.

I actually envisioned something more involved than simply filling out forms. 
A plug-in can provide an identity to the consumer just as easily as the 
OpenID server can, but without requiring someone to be logged into/log onto 
anything all the time. All the consumer would have to do is check with the 
server to see if what the plug-in gave it was authentic or not.




More information about the yadis mailing list