Seemless Single Signon

Martin Atkins mart at
Fri May 20 09:10:27 PDT 2005

Sam Ruby wrote:
> In the AJAX or classic fallbacks, I can see some value in not even 
> allowing the creating of the iframe, etc; but we are talking about the 
> browser plugin seemless single signon here, right?

When a browser plugin is in play, the user's click on the 
plugin-provided "Log in!" implies permission. However, the protocol as 
it stands can't differentiate between the plugin making the request and 
some script on the site making the request, so it asks you for 
authorization in both cases.

I agree that it would be nice if the plugin could bypass the 
authorization stage, but I'm not sure how that can be done without 
opening up a privacy hole since the page can (in theory) do anything 
that the plugin can.

More information about the yadis mailing list