[OpenID] XAuth critiques
John Panzer
jpanzer at google.com
Tue Jun 8 05:12:16 UTC 2010
On Mon, Jun 7, 2010 at 8:01 PM, SitG Admin
<sysadmin at shadowsinthegarden.com>wrote:
> It isn't decentralized (you have admitted this yourself!).
>>>
>>>
>> So what degree of decentralization is necessary for non-brokenness in
>> your philosophy? Is ICANN allowable?
>>
>
> Again, just remember your own words:
>
> "Objection: The implementation relies on a single domain."
>
That's the objection I've heard from other people.
>
> This is how you are doing things RIGHT NOW.
>>>
>>>
>>> THAT is what makes XAuth broken.
>>>
>>>
>> So you're saying Peter's suggestion is exactly as broken?
>>
>
> Read carefully: this is how YOU are doing things.
>
Best as I can tell, Peter's suggestion for doing things through browser
extensions (downloaded from, say, xauth.org) has exactly the same issues
with centralization as the JS based solution does. I'm not really sure what
else you're implying but I'll drop it for now as it's late and I'm tired.
>
> Peter's replies have already covered everything else I might have said,
> with notable thoroughness and elegance at that, so I will bow out for now,
> with one exception: I will try to assemble a Venn diagram depicting the
> XAuth concepts and where you/me/Peter reside along them.
>
> -Shade
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20100607/4acefc2f/attachment.html>
More information about the general
mailing list