Anyone seen xauth.org?
atom at yahoo-inc.com
Mon Apr 19 19:35:16 UTC 2010
Yes, XAuth can provide the same functionality as x-has-session, but using a
centralized service, so that RPs can make a single call to Xauth, rather
than multiple simultaneous calls to all the potential OPs.
The Xauth call is cachable (little to no latency), since the Xauth JS should
already be cached by the user's browser, and the flag indicating the user's
login status is stored in the browser's local storage.
Xauth is very similar to the Central Discovery Service proposal:
The biggest open issue is determining who and how the xauth.org service will
On 4/19/10 11:08 AM, "Chris Obdam" <chris.obdam at holder.nl> wrote:
> Looks the same as x-has-session but then locally? Maybe i've missed the
> specs mailing list
> specs at lists.openid.net
More information about the specs