XAuth critiques

SitG Admin sysadmin at shadowsinthegarden.com
Wed Jun 9 15:02:55 UTC 2010


>>  This would certainly be a poor UI.  I can imagine better ones, but more to
>>  the point, the marketplace can decide what the best UI is in this case.
>
>Better ones like what?  I'm serious. The current XAuth spec has an 
>IdP/Extender
>deciding upfront which RP should be allowed to see the end user has a
>relationship to the IdP. I cannot imagine how you'd build a UI to fix that
>problem. If you can imagine a UI improvement, please describe it!

I believe John's argument here is that UI development can be crowd-sourced:

We *can* go to all the trouble of imagining better ones, but why 
*should* we when all the differently-thinking users out there will 
demand their own best changes once they see the prototype?

-Shade


More information about the specs mailing list