Melvin Carvalho wrote: > It's a good idea to have some kind of decentral system, whether it be > openid or ssl. > > These diagrams may give you a flavour of the interactions you'd use in > each case: > > http://esw.w3.org/topic/PushBackDataToLegacySourcesAuthentication > > Both are great solutions, imho, openid/oauth slightly more mature, ssl > slightly fewer interactions/redirections, you'll have to decide what > suits best.
I'm not entirely sure what on Web calls for things like OpenID redirects. Is it because the web browser is dumb? Because if you have a non-dumb browser, it can keep state. You don't need much more than the masterKey and the subsequent services keys -- that's enough. If you can keep that state on the client side, there is absolutely no need for redirects of any sort. The user logs in to his/her identity service (whatever that is) *first*, and moves on to using any services he/she wants without ever needing those services to redirect. So what is it about the Web that made people come up with this idea of redirecting the login procedure across trust domain boundaries? _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
