On 5/8/2012 10:44 AM, James Hawkins wrote: > As far as the namespace is concerned, I'm not entirely sure we can't > have a high-level 'identify', but I do believe we should make use of > existing technologies instead of inventing a new protocol. Each > identity protocol would have its own action, e.g. > http://specs.openid.net/auth/2.0 for OpenID. The reason for this is > that the client needs to verify the authenticity of the identity w/ > the server, which requires messaging beyond the simple input/response > provided by the basic Web Intents layer. Yeah my take on it is quite similar. I did the OAuth route in our web apps; it doesn't have a standard identity, though every provider has something like a /self/me end-point which returns JSON describing the user. It seems to me that I'd be passing back: {token:'arbitrary', 'endpoint': 'https://url'}; From there, I can do client-side via <iframe> and web messaging for a channel, or server-side for identity. -CharlesReceived on Tuesday, 8 May 2012 19:51:55 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 May 2012 19:51:55 GMT