Comments on: XAuth: First Take http://eternallyoptimistic.com/2010/04/20/xauth-first-take/ Wed, 10 Aug 2011 17:44:16 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Pushing String » Quick thoughts on XAuth http://eternallyoptimistic.com/2010/04/20/xauth-first-take/comment-page-1/#comment-564 Pushing String » Quick thoughts on XAuth Wed, 21 Apr 2010 14:34:25 +0000 http://eternallyoptimistic.com/?p=1558#comment-564 [...] Pamela is wise. [...] [...] Pamela is wise. [...]

]]> By: Pamela http://eternallyoptimistic.com/2010/04/20/xauth-first-take/comment-page-1/#comment-562 Pamela Wed, 21 Apr 2010 03:06:18 +0000 http://eternallyoptimistic.com/?p=1558#comment-562 Nat wasn't able to comment (my apologies) - so he posted on his own blog: http://www.sakimura.org/en/modules/wordpress/re-xauth-first-take. Here is the text of his comment (and I appreciate the points!) : "Since the site did not accept the comment… This is a reply to: http://eternallyoptimistic.com/2010/04/20/xauth-first-take/ XAuth seems to be nothing but a shared cookie, so it may not be a single point of failure. The RPs do not seem to communicate with the xauth.org so it should not be a critical problem even if the server was failing. At the very worst, the RP has to show all the NASCAR icons. That is all. At the same time, it would have an interesting (not fun) security implications on a shared computer, but I have not done the analysis yet. And right, I feel that it is taking user out of the cycle as well. It would have been much better if it just points to the location of the user’s XRD/s that lists all the services that a user can edit, but that may be way too esoteric. I agree that it is not user centric. It is service centric in philosophy, but that may be what the user is asking as a priority: “ease of use”. " Nat wasn’t able to comment (my apologies) – so he posted on his own blog: http://www.sakimura.org/en/modules/wordpress/re-xauth-first-take.

Here is the text of his comment (and I appreciate the points!) :

“Since the site did not accept the comment…

This is a reply to: http://eternallyoptimistic.com/2010/04/20/xauth-first-take/

XAuth seems to be nothing but a shared cookie, so it may not be a single point of failure. The RPs do not seem to communicate with the xauth.org so it should not be a critical problem even if the server was failing. At the very worst, the RP has to show all the NASCAR icons. That is all.

At the same time, it would have an interesting (not fun) security implications on a shared computer, but I have not done the analysis yet.

And right, I feel that it is taking user out of the cycle as well. It would have been much better if it just points to the location of the user’s XRD/s that lists all the services that a user can edit, but that may be way too esoteric. I agree that it is not user centric. It is service centric in philosophy, but that may be what the user is asking as a priority: “ease of use”. “

]]> By: Up Next For Facebook: Expect More Open Interactions | Tech Alps http://eternallyoptimistic.com/2010/04/20/xauth-first-take/comment-page-1/#comment-561 Up Next For Facebook: Expect More Open Interactions | Tech Alps Tue, 20 Apr 2010 22:03:25 +0000 http://eternallyoptimistic.com/?p=1558#comment-561 [...] says XAuth will eventually be released under an open source license, there are currently several unanswered questions about its design and its privacy implications that may hold it [...] [...] says XAuth will eventually be released under an open source license, there are currently several unanswered questions about its design and its privacy implications that may hold it [...]

]]> By: futureidentity http://eternallyoptimistic.com/2010/04/20/xauth-first-take/comment-page-1/#comment-559 futureidentity Tue, 20 Apr 2010 14:56:42 +0000 http://eternallyoptimistic.com/?p=1558#comment-559 Oh, but wait...! The "Disable XAuth" button appears not to do anything. Isn't that cute? Oh, but wait…! The “Disable XAuth” button appears not to do anything. Isn’t that cute?

]]> By: futureidentity http://eternallyoptimistic.com/2010/04/20/xauth-first-take/comment-page-1/#comment-558 futureidentity Tue, 20 Apr 2010 14:52:54 +0000 http://eternallyoptimistic.com/?p=1558#comment-558 Fascinating indeed. A visit to the XAuth.org site tells me that it is enabled in my browser... which suggests a complete lack of user transparency on their part. Just on that basis, I'm inclined to turn it off... Fascinating indeed. A visit to the XAuth.org site tells me that it is enabled in my browser… which suggests a complete lack of user transparency on their part.

Just on that basis, I’m inclined to turn it off…

]]>