Non-recoverable auth failure?

Carl Howells chowells at
Tue Jun 28 16:49:40 PDT 2005

Brad Fitzpatrick wrote:
> I don't like the idea of introducing a new URL and specifying the security
> restrictions on what that URL can be (anything under trust_root?).

Huh?  The only change I'm proposing (at this point) is removing 
post_grant, and defining the behavior to always be what 
post_grant=return specified before.  I don't see any new URL or new 
restrictions necessary in that change.  It just eliminates a special 
case that makes both the spec and implementations of it more 
complicated.  Furthermore, I don't see any added value in that special 
case, as using it doesn't really save the consumer any work... It just 
defers that work until the consumer's next action.

Carl Howells

More information about the yadis mailing list