XAuth critiques
Ben Laurie
benl at google.com
Tue Jun 8 16:55:30 UTC 2010
On 8 June 2010 17:39, Story Henry <henry.story at bblfish.net> wrote:
>
> On 8 Jun 2010, at 07:17, Eran Hammer-Lahav wrote:
>
> > If Google, Yahoo, Microsoft, and the rest of the companies supporting the
> OpenID effort deployed the server-side half of this proposal, and spent a
> little money on developing plug-ins for all the major browsers (with Google
> and Microsoft able to also include it in the next release of their browser),
> it will create the tipping point in getting some form of identity selector
> in the browser.
> >
> > It was one thing for the OpenID community of 3 years ago to hack the
> protocol around the limitations of that time. These arguments are just
> insincere when they come from Google, now that you have a pretty successful
> browser (especially considering its age) and massively huge web footprint to
> promote such a feature.
>
> Why should browser manufacturers bother to install this in the browser and
> maintain it, when they already have an excellent identification protocol
> built into https?
>
> The fact that this group wishes to ignore the existence of SSL does not
> make it not be there.
>
> Just check out the video of it on http://webid.myxwiki.org/
> to see it working!
>
I would really like to see better support for client certificates in
browsers so that this became less clunky around the certificate management
aspects...
>
> Henry
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100608/e3f6e321/attachment.html>
More information about the specs
mailing list