Seemless Single Signon
Sam Ruby
rubys at intertwingly.net
Fri May 20 07:44:25 PDT 2005
Martin Atkins wrote:
> Sam Ruby wrote:
>
>> From the user's point of view, they are the ones authoring the post.
>> Why do they need to give themselves permission to do so?
>
> They don't give themselves permission, they give the ID server
> permission to assert their identity. LiveJournal's ID server has a "Yes;
> never ask me again" option which allows future assersions on the same
> site without agreeing again.
>
> The idea here is to stop sites checking on users without their
> permission. It's true that their ability to do this is limited -- they
> can only check for specific IDs, rather than asking "who is logged in?"
> -- the concern is there.
/me scratches his head.
The actual question is "was X authored by Y?".
What's to stop me from asking multiple times? And why would you want to
stop me from asking this question?
I feel like I am missing something obvious here.
> It's likely that ID servers will provide the option for certain users to
> never be asked for permission again for any site, at which point they
> will never see the approval page again.
In the AJAX or classic fallbacks, I can see some value in not even
allowing the creating of the iframe, etc; but we are talking about the
browser plugin seemless single signon here, right?
- Sam Ruby
More information about the yadis
mailing list