Non-recoverable auth failure?
Carl Howells
chowells at janrain.com
Tue Jun 28 16:49:40 PDT 2005
Brad Fitzpatrick wrote:
> I don't like the idea of introducing a new URL and specifying the security
> restrictions on what that URL can be (anything under trust_root?).
Huh? The only change I'm proposing (at this point) is removing
post_grant, and defining the behavior to always be what
post_grant=return specified before. I don't see any new URL or new
restrictions necessary in that change. It just eliminates a special
case that makes both the spec and implementations of it more
complicated. Furthermore, I don't see any added value in that special
case, as using it doesn't really save the consumer any work... It just
defers that work until the consumer's next action.
Carl Howells
More information about the yadis
mailing list