Frank Mantek wrote: > No. It's more a principal issue. Example: > > - if i go and write my own www.mantek.org <http://www.mantek.org> > website that shows MY calendar, i can easily go and use client login > > - if i create www.mycoolservice.com <http://www.mycoolservice.com> and i > show only MY calendar, it's fine > > - if i create www.youhaveclientsservice.com > <http://www.youhaveclientsservice.com> and i want to show GOOGLE account > data (calendar, blogger, etc...) on my clients behalf, the only way to > do that with client login is that you collect/passthrough you clients > username/password to google. Now, this is all cool and fine, if they do > trust you.... but, would you give a 3rd party your account info for > another party? Considering that this is more than problematic, on > security levels, and most likely most customers won't trust a 3rd party > to actually take care of username/passwords of another site we put out > AuthSub. With AuthSub, you can grant access for a certain set of data > for a 3rd party, where giving the 3rd party your account info means > giving them access to all data...
Well, 99% of users will download an Active/X control and give it full access to their entire machine. 99% of those users will not read the Active/X EULA and in some cases without knowing agree to let the Active/X component parse their private data and log which websites they go to etc... Don't get me wrong, because in theory I agree with you. I even went further down this path; several years ago I designed and put into production a feature similar to AuthSub that allowed folks to share _encrypted_ calendars. It was even more secure than AuthSub in that the server couldn't decrypt the calendar components, yet a group could share access to individual components and view/edit them just fine. > Makes more sense? Or did i misunderstand your question ? I agree with the theory. It's just that given the choice between security and broken (hosted calendars will not sync because of AuthSub), or less security and working (hosted calendars will sync with ClientLogin) almost everyone will choose the latter. If AuthSub will work with hosted calendars soon, that would be fantastic. Thank you for responding. Cheers. -- Free replacement for Exchange and Outlook (Contacts and Calendar) http://www.ScheduleWorld.com/tg/ WebDAV: http://www.ScheduleWorld.com/sw/webDAVDir/4000.ics VFREEBUSY: http://www.ScheduleWorld.com/sw/freebusy/4000.ifb --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi -~----------~----~----~----~------~----~------~--~---
