[OpenID] Automating the user's selection of OP

SitG Admin sysadmin at shadowsinthegarden.com
Tue Apr 21 20:51:25 UTC 2009

>While we can't ever get away from the need to support "dumb browser" 
>experiences, in my mind it makes more sense to optimize for an 
>"identity agent" aware device while not precluding the "dumb 
>browser" experience.

Ideally, we could use *both* techniques in parallel; dumb browsers 
wouldn't have protection against the attack methods yet, and we 
wouldn't *need* them for smart browsers. But we're going to see users 
with Privacy addons that leave us in the worst of both worlds (smart 
enough for the attack tricks not to work, but not smart enough to 
handle OpenID automatically), so we'll still need to have *some* kind 
of generic interface as a fallback.


More information about the general mailing list