Seemless Single Signon

Martin Atkins mart at degeneration.co.uk
Fri May 20 07:34:18 PDT 2005


Sam Ruby wrote:
> 
>  From the user's point of view, they are the ones authoring the post. 
> Why do they need to give themselves permission to do so?
> 

They don't give themselves permission, they give the ID server 
permission to assert their identity. LiveJournal's ID server has a "Yes; 
never ask me again" option which allows future assersions on the same 
site without agreeing again.

The idea here is to stop sites checking on users without their 
permission. It's true that their ability to do this is limited -- they 
can only check for specific IDs, rather than asking "who is logged in?" 
-- the concern is there.

It's likely that ID servers will provide the option for certain users to 
never be asked for permission again for any site, at which point they 
will never see the approval page again.



More information about the yadis mailing list