- From: Michiel de Jong <michiel@unhosted.org>
- Date: Tue, 10 Jul 2012 00:30:36 +0300
- To: Evan Prodromou <evan@status.net>
- Cc: public-fedsocweb@w3.org
Hi Evan, I like this because it's a simple solution to an important problem we currently have. i think another solution to the same problem is WebIntents, and obviously remoteStorage can also solve it, but they are more generic solutions to a wider set of problems each, and i think it would be good to experiment also with a more specific solution like the one you describe. it does mean that you have to type in your user address into the widget. so there WebIntents have an advantage because you would presumably have your home node in your installed apps, so that its share intent is always registered. but i understand if you think webintents is too experimental still at this point (only chrome does it natively so far, and few people use browser-installed apps still). I do think it would be cooler to use OAuth2's Implicit Grant flow here. This means that example.net never gets to see the token (unless it harvests it from the js runtime but that would be a weird thing to do). In particular, it would mean the widget could be statics-only, and you remove a example.net from the flow entirely in the widget case. i'm always keen to reduce the role of servers and do more things in client-side javascript. :) Cheers, Michiel
Received on Monday, 9 July 2012 21:31:04 UTC