- From: Dirk Pranke <dpranke@chromium.org>
- Date: Tue, 4 May 2010 19:56:13 -0700

On Tue, May 4, 2010 at 7:40 PM, Robert O'Callahan <robert at ocallahan.org> wrote:
> On Wed, May 5, 2010 at 1:27 PM, Dirk Pranke <dpranke at chromium.org> wrote:
>>
>> The principal difference or change is that as far as I know, Mozilla's
>> account manager offers only an out-of-page experience for managing
>> your logged-in status.
>
> I don't think this is true. Sites can report user login status even if the
> user logged in using in-page UI. See
> https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest#Determining_the_Account_Session_Status
>

I'm sorry, I was unclear. What I meant was, as far as I know, the Mozilla Account Manager extension offers a consistent UI for logging in and logging out through the chrome of the page (i.e., out-of-page) -- I haven't actually tried the extension lately. In addition, you can presumably continue to do in-page login and logout (and display status) using whatever existing mechanism you have, but that will continue to be the same inconsistent UI we have today - every page can do it a little differently.

I believe that site authors would like to control the look and feel of the sign-in/sign-out process and offer some sort of in-page way of displaying login status, but there is an obvious tradeoff between control over the UX and creating security risks. They can continue to use the mechanisms they are using today, of course, but that presents the same sort of security issues we have today.

What I would like to offer is a way to control some amount of the sign-in/sign-out experience while improving the security, by at least giving an in-page way to trigger sign-in / sign-out (the actual mechanism of collecting the credentials and performing the sign-in would be done by the browser without page intervention, where possible, for security reasons). The Account Manager spec and extensions do not provide any such hooks, as far as I know.

-- Dirk

Received on Tuesday, 4 May 2010 19:56:13 UTC