OpenID in desktop apps
Joseph A Holsten
joseph at josephholsten.com
Sun Feb 8 02:49:10 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Messina supposedly wrote:
> I wanted to point out a disturbing but insightful trend that I've
> seen in apps, both on the Mac and iPhone lately... essentially
> embedding a WebKit view inside the app for doing delegated
> authentication. Example:
>
> http://www.flickr.com/photos/factoryjoe/3260710115/
>
> Without the URL bar (presuming that the URL bar hasn't been
> tampered with), it's impossible to know who is hosting this page.
> Facebook is also none-the-wiser about whether this experience is
> taking place from within the browser or within some custom app. I
> also don't see how this can be stopped.
>
> I'd like to hear your thoughts about this, given our desire to push
> the popup experience forward, mandating, I presume, visibility of
> the URL bar in these flows.
Much as I appreciate the feedback of the browser bar, it's still
fallible. Even broken ssl certs go ignored. I personally keep mine
hidden by default.
Is showing the browser bar the 80% that matters? Is a deeper change
needed?
http://josephholsten.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkmOSCcACgkQrPgSa0qMrmFp5wCgiA8/UWffKqd3uZiM9A9VbXuN
mHQAn3T4FhYaTQLPIrNvVq5VNZ4jIfQH
=hy8b
-----END PGP SIGNATURE-----
More information about the user-experience
mailing list