XAuth critiques

SitG Admin sysadmin at shadowsinthegarden.com
Wed Jun 9 00:19:17 UTC 2010


>>Single point of failure = NON-centralization.

I mis-stated this, sorry; omitted the "de" from "decentralization".

>OK, so now we're back to talking about reliability rather than 
>privacy?  It's very hard to respond when the topic keeps changing.

Privacy is a feature: when it fails (due to human corruption, 
hackers, et al.), the effects should be limited by design. (This is 
basic damage control.) The single point of failure, in this case, is 
about reliability only to the extent that we can rely on "private" 
communications *remaining* that way: it's still about privacy.

Akamai is a good approach (since the content is static, that works), 
and local apps to import the JS to cache without contacting any 
particular server is also a good mitigation.

-Shade