Securing HTML vs securing HTTP

Johannes Ernst at
Tue Jan 24 19:33:55 UTC 2006

On Jan 24, 2006, at 11:04, Josh Hoyt wrote:

> The model that I was referring to is using a level of indirection for
> identity services rather than directly entering the URL for those
> services (as LID does). YADIS provides the level of indirection that
> OpenID has and LID does not.

Fair enough. We should say "used to", of course, because LID is  
getting it through the YADIS backdoor as you have pointed out.

Score another one for YADIS, though: by virtue of YADIS, we get the  
indirection case for those technologies that didn't support it  
previously (ie LID), and we get people like Jens the ability to make  
a choice of not going the indirection route (by using LID SSO) -- for  
whatever reasons, whether all of us agree with them or not. That of  
course presumes that library implementors will not just cherry-pick  
which YADIS-enabled features to implement, but support a broad set of  
alternatives in their code, so users can truly choose. Which of  
course was the original idea why we didn't just say "we will have  
this one and only SSO protocol, but allowed for multiple."

Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
Url :
-------------- next part --------------

More information about the yadis mailing list