Re: Distributing the user interface for social networks from Michiel de Jong on 2012-07-10 (public-fedsocweb@w3.org from July 2012)

From: Michiel de Jong <michiel@unhosted.org>
Date: Tue, 10 Jul 2012 14:36:07 +0300
To: Antonio Tapiador del Dujo <atapiador@dit.upm.es>
Cc: public-fedsocweb@w3.org
Message-ID: <CA+aD3u1zVrJC9GVxDZz-6tW3Zz9-h2p-fFULdZQJhju8_H4kyg@mail.gmail.com>

On Tue, Jul 10, 2012 at 1:01 PM, Antonio Tapiador del Dujo
<atapiador@dit.upm.es> wrote:
> I really like the idea of a widget providing access to all the federated
> identity providers. However, there is the security issue. At the end, you
> are authorizing the widget provider, who is the one who makes the
> publication, but not page that includes the widget. Need more experience
> here also.

i think a client-side widget could fix that. if the widget is audited
javascript code which allows the user to input their user address, and
then makes a cross-origin xhr call directly to the home node, then
there is no widget provider involved.

Received on Tuesday, 10 July 2012 11:36:37 UTC