[OpenID] XAuth critiques
John Panzer
jpanzer at google.com
Mon Jun 7 19:54:06 UTC 2010
[Editing subject line.]
On Mon, Jun 7, 2010 at 12:34 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:
> It's not a centralized component[1].
>>
>
> It is for now, and if you're going to wait for browser upgrades, why not
> push for the full OpenID support instead of aiming to provoke them into
> patching xAuth so users get privacy back?
You're mis-characterizing the arguments here -- please read my blog post.
But in general, my answer is that boiling the ocean has proven to be
unsuccessful; let's try a different approach.
>
>
> Unfortunately, FUD sells and Eran's post is being retweeted and cited
>> pretty widely.
>>
>
> It was the linked-to post in Santosh's thread, so I emphasized the point
> that Santosh has consistently missed, both here and in the past.
That's fine, I'm just warning people that there's a larger echo chamber
effect beyond this one thread.
>
>
> If you're going to agree with his objections,
>>
>
> I agree with the single point about centralization, and the links you
> posted are also in agreement. There seems to be no debate here.
>
I don't want to get into a meta-debate about whether there's a debate. But
I disagree that XAuth, as a protocol that people can agree to start using,
is centralized. The initial _implementation_ relies on a central DNS name,
but that is an accident of today's browser limitations. That's a huge
difference from saying that it's inherently centralized. The details are in
my blog post, as well as in the responses Chris Messina gave back in April.
-John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20100607/0048e6cf/attachment.html>
More information about the general
mailing list