The AuthSub authorization page will contain some warnings if you have not registered your app with the Google Accounts API and if you are not digitally signing the requests from your app to the Google Data APIs. The "three levels" of warning messages are detailed here:
http://code.google.com/apis/accounts/docs/AuthSub.html#registeredapps http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html There is additional information on digitally signing requests from your app to Google Data services here: http://code.google.com/apis/accounts/docs/AuthSub.html#signingrequests There is even a discussion group specifically for these kinds of questions for the Google Accounts API: http://groups.google.com/group/Google-Accounts-API While you are at it, you might want to look into OAuth which is a more widely used and open standard than AuthSub, though in practice either are usable with Google Data APIs. Happy coding, Jeff On May 22, 3:03 pm, GenghisOne <[email protected]> wrote: > Looks like Google has done some usability research on > authentication... > > http://sites.google.com/site/oauthgoog/UXFedLogin > > I particularly liked the guiding principles... > > [1] Design for usability > [2] Leverage what users already know > [3] Design for widespread adoption > [4] Allow for gradual migration > > Very nice but I'm not so sure that AuthSub perfectly aligns with these > principles. > > On May 22, 11:38 am, GenghisOne <[email protected]> wrote: > > > I'm trying to make sense of Google's authentication framework and > > determine if it introduces any usability risks. > > > Here's what I found in an online Google resource and if I'm reading it > > right, I think we've got a bit of a usability problem: > > > Fromhttp://code.google.com/apis/accounts/docs/AuthSub.html > > **** > > > [1] When the web application needs to access a user's Google service, > > it makes an AuthSub call to Google's Authentication Proxy service. > > > [2]The Authentication service responds by serving up an Access Request > > page. This Google-managed page prompts the user to grant/deny access > > to their Google service. The user may first be asked to log into their > > account. > > > *** > > > Does AuthSub really inject some kind of security warning page into the > > user experience? If so, has anyone asked what everyday users think of > > this? > > > Thx. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
