Non-recoverable auth failure?
mart at degeneration.co.uk
Tue Jun 28 19:48:53 PDT 2005
Brad Fitzpatrick wrote:
> Okay, okay, now we're talking.
> That proposal I think I actually like. (I also hate the weird
> post_grant special cases, btw.)
> back to you.
> In particular, I want to test an automatic AJAX mode:
> -- original window opens a full-sized new window, remembering
> the new window's reference
> -- new window does identity trust, returns, finds window.opener (if it
> still exists after moving between domains?), and then completes
> transaction by talking to window.opener
> If so (and I think it'll be fine) then I'm all in favor of dropping
> post_grant and making the spec say it always returns.
> Anybody else for/against that?
> - Brad
Even if you can't do all that fancy stuff, there's no reason why you
can't do window.close(), right? So losing the special case doesn't cost
I'm for. Anything to reduce the number of little wacky things that ID
servers have to handle.
More information about the yadis