Non-browser Identity Verification

Brad Fitzpatrick brad at danga.com
Wed May 18 12:48:45 PDT 2005


On Wed, 18 May 2005, Martin Atkins wrote:

> The local web server approach will never work because no-one with any
> sense allows arbitrary incoming connections from the Internet. Some
> people explicitly block it, others just use some wacky NAT setup. Your

No connection is coming from the outside!

The consumer app is running on the desktop.  It launches a browser window
to, say, livejournal.com.

Livejournal.com redirects to 127.0.0.1.

So the browser (running on localhost) now connects to that one-hit
webserver, which the app owns.

> The silly thing is that the browser mode is really the special case.

That's classic Mart right there.  :)

That's the case I'm working to solve.  Go join one of those theory working
groups and I'll see your implementation in 10 years.  This is about
solving the common case today.

SupportOffice.org is already using OpenID to not take LiveJournal user's
passwords, so I already consider this project a success.

If your non-browser of the future appears in 10 years, we'll change
something when we see it.  There's short-sighted, and then there's
practical.

- Brad


More information about the yadis mailing list