Anyone seen xauth.org?

Allen Tom atom at yahoo-inc.com
Mon Apr 19 19:35:16 UTC 2010


Hi Chris,

Yes, XAuth can provide the same functionality as x-has-session, but using a
centralized service, so that RPs can make a single call to Xauth, rather
than multiple simultaneous calls to all the potential OPs.

The Xauth call is cachable (little to no latency), since the Xauth JS should
already be cached by the user's browser, and the flag indicating the user's
login status is stored in the browser's local storage.

Xauth is very similar to the Central Discovery Service proposal:
http://sites.google.com/site/oauthgoog/UXFedLogin/central-discovery-service

The biggest open issue is determining who and how the xauth.org service will
be administered.

Allen



On 4/19/10 11:08 AM, "Chris Obdam" <chris.obdam at holder.nl> wrote:

> Looks the same as x-has-session but then locally? Maybe i've missed the
> conversation?
> 
> Cheers,
> 
> Chris
> 
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs



More information about the specs mailing list