- From: Charles Pritchard <chuck@jumis.com>
- Date: Tue, 08 May 2012 12:51:30 -0700
- To: James Hawkins <jhawkins@chromium.org>
- CC: Eiji Kitamura <agektmr@google.com>, Doug Schepers <schepers@w3.org>, public-web-intents@w3.org, Harry Halpin <hhalpin@w3.org>, nov matake <matake@gmail.com>
On 5/8/2012 10:44 AM, James Hawkins wrote:
> As far as the namespace is concerned, I'm not entirely sure we can't
> have a high-level 'identify', but I do believe we should make use of
> existing technologies instead of inventing a new protocol. Each
> identity protocol would have its own action, e.g.
> http://specs.openid.net/auth/2.0 for OpenID. The reason for this is
> that the client needs to verify the authenticity of the identity w/
> the server, which requires messaging beyond the simple input/response
> provided by the basic Web Intents layer.
Yeah my take on it is quite similar. I did the OAuth route in our web
apps; it doesn't have a standard identity, though every provider has
something like a /self/me end-point which returns JSON describing the user.
It seems to me that I'd be passing back: {token:'arbitrary', 'endpoint':
'https://url'};
From there, I can do client-side via <iframe> and web messaging for a
channel, or server-side for identity.
-Charles
Received on Tuesday, 8 May 2012 19:51:55 UTC