- From: Charles Pritchard <chuck@jumis.com>
- Date: Sun, 06 May 2012 19:09:23 -0700
- To: Doug Schepers <schepers@w3.org>
- CC: public-web-intents@w3.org, Harry Halpin <hhalpin@w3.org>
On 5/6/2012 2:53 PM, Doug Schepers wrote:
> I propose that we have another intent, 'Login' (I don't care about the
> name... it could be 'SignOn', 'SignIn', 'SelectIdentity', or
> whatever). This would let users select from their choice of Identity
> Providers (IDPs), or to create or use a bespoke account for that
> specific site.
>
> A corollary to this would be 'Comment' or 'Discuss', which is often
> hosted by third-party services like Disqus.
How do we verify the authenticity of the ID?
event={ data: { user: 'arbitrary' }, origin: 'example.com' };
Intent doesn't have a mechanism for checking that the origin is example.com.
Received on Monday, 7 May 2012 02:09:51 UTC