Anyone seen

Allen Tom atom at
Mon Apr 19 19:35:16 UTC 2010

Hi Chris,

Yes, XAuth can provide the same functionality as x-has-session, but using a
centralized service, so that RPs can make a single call to Xauth, rather
than multiple simultaneous calls to all the potential OPs.

The Xauth call is cachable (little to no latency), since the Xauth JS should
already be cached by the user's browser, and the flag indicating the user's
login status is stored in the browser's local storage.

Xauth is very similar to the Central Discovery Service proposal:

The biggest open issue is determining who and how the service will
be administered.


On 4/19/10 11:08 AM, "Chris Obdam" <chris.obdam at> wrote:

> Looks the same as x-has-session but then locally? Maybe i've missed the
> conversation?
> Cheers,
> Chris
> _______________________________________________
> specs mailing list
> specs at

More information about the specs mailing list