meepbear at hotmail.com
Wed Jul 6 09:39:05 PDT 2005
>Here's the problem: if I have code auto-login (or auto-insert my
>username into openid fields), then remote sites can grab it and see
>who I am without authorizing it. Simply attach an event handler to
>the text box, or a timer that waits until after the plugin fires,
>With that said, yeah, it'd be about four lines of Greasemonkey.
I actually envisioned something more involved than simply filling out forms.
A plug-in can provide an identity to the consumer just as easily as the
OpenID server can, but without requiring someone to be logged into/log onto
anything all the time. All the consumer would have to do is check with the
server to see if what the plug-in gave it was authentic or not.
More information about the yadis