[OpenID] Persistent logins
Nic James Ferrier
nferrier at tapsellferrier.co.uk
Tue Mar 13 17:48:50 UTC 2007
"Max Metral" <max at artsalliancelabs.com> writes:
> I was afraid this might be the case. It's a pretty big hole I would
> submit, because sites aren't going to make their members suffer by
> having to log in repeatedly (if they don't want to), but members
> shouldn't have to answer that question many times, and I shouldn't have
> to sacrifice the ability to undo a previous decision (on a different
> machine). So either the IDPs have to start implementing custom tools,
> or the protocol needs an extension. (or I'm missing something)
>
> In my past life I built Microsoft Passport, and I remember confronting
> these same problems. I won't bore (or somehow compromise) the list by
> describing the solution, but suffice to say it was "unpleasant" but
> worked. In the end, if check_auth isn't server-to-server only, it would
> seem we'd need that mechanism. And it would be even better if the
> consumer got to specify its desire for that kind of assertion up
> front.
There are solutions to the separate problem of machine to machine
identity assertion which might work.
I don't personally like those much though, given that I have a
provider that does silent authentication (http://prooveme.com).
--
Nic Ferrier
----------------------------------------------------------
Need a linux/java/python/web hacker? I'm in need of work!
----------------------------------------------------------
http://www.tapsellferrier.co.uk