- From: Michiel de Jong <michiel@unhosted.org>
- Date: Tue, 10 Jul 2012 14:36:07 +0300
- To: Antonio Tapiador del Dujo <atapiador@dit.upm.es>
- Cc: public-fedsocweb@w3.org
On Tue, Jul 10, 2012 at 1:01 PM, Antonio Tapiador del Dujo <atapiador@dit.upm.es> wrote: > I really like the idea of a widget providing access to all the federated > identity providers. However, there is the security issue. At the end, you > are authorizing the widget provider, who is the one who makes the > publication, but not page that includes the widget. Need more experience > here also. i think a client-side widget could fix that. if the widget is audited javascript code which allows the user to input their user address, and then makes a cross-origin xhr call directly to the home node, then there is no widget provider involved.
Received on Tuesday, 10 July 2012 11:36:37 UTC