Chris Messina


12 comments posted · 6 followers · following 0

287 weeks ago @ Lucas Gonze's blog - Unite is not Sucky Apache · 0 replies · +1 points

My understanding is that each app is contained in a sandbox... do you mean that a single Unite instance could simply talk to the other sandboxes over HTTP — as though they were just web services on the web, but happen to be served from the local filesystem? Indeed, that IS interesting...!

I just wish they'd pushed forward some of the discovery technologies (XRD/XRDS-Simple) that we've been working on!

287 weeks ago @ Lucas Gonze's blog - music implications of ... · 1 reply · +1 points

I agree with you that having a web server on the client side that's accessible from the rest of the web is awesome. This is why I love SimplifyMedia... It makes it possible for me to access my Mac Mini which holds my 60GB of music from anywhere that has an internet connection.

That said, I think that we still need a way to really do P2P-style, disintermediated connections that don't rely on a centralized proxy. It's one thing if you want to bootstrap with such a service — that's fine! — but I think it should be one option among many.

292 weeks ago @ mtrichardson - Why Wordpress · 2 replies · +1 points

Woohoo! Welcome to the land of PHP and the_loop()! ;)

297 weeks ago @ FactoryCity - Does OpenID need to be... · 0 replies · +1 points

I mean in cases where identity is useful or necessary but where you don't have a browser. Consider if Netflix supported OpenID and you wanted to access your account on your Blu-Ray player where you have no web browser.

In that case, you'd need to have a solution "beyond the browser". Surely you could use OAuth generally, but the idea is identifying yourself and providing proof of who you are through some out-of-band mechanism.

307 weeks ago @ Coding Passion - Would OAuth have preve... · 1 reply · +2 points

For more on this topic, you might take a listen to the podcast that Larry Halff and I did with Alex Payne of Twitter where we reinforced this point:

http://tr.im/cg_10

307 weeks ago @ Twitterrati - Coming Soon: No More P... · 1 reply · +1 points

Just wanted to clarify something about what you said. OAuth is not about using a "universal ID to use third-party applications". Instead, it's merely about substituting an application key and a token in place of your username and password. OpenID is more about a universal ID -- so OAuth and OpenID are complementary.

An easier way to think about this is that OAuth is about what you can do, whereas OpenID is about who you are.

310 weeks ago @ Michael Richardson - Single Sign Out · 1 reply · +1 points

Isn't that what the openid_check_immediate function is for? So RPs can immediately look up whether the current user is still signed in?

310 weeks ago @ Michael Richardson - Single Sign Out · 0 replies · +1 points

I think it's important to think about this as a hub-and-spoke model, where Facebook is acting as your identity provider, and therefore you are going to want to stay signed in there the longest, and flit around to other sites here and there, on and off.

If you had to sign in to Facebook EVERY TIME you went to a third party, that'd be a serious buzz kill. (Hence the long-lasting sessions).

Now, that said, it seems like the optimal user experience is a two-step process:

1. log the user out of the local site
2. pop a lightbox that says "we've logged you out of this site; would you also like to sign out of [Identity Provider]?"

If it were baked into the protocol (say, OpenID 2.1??) this would be a pretty great user experience. This is what Facebook's UI currently looks like, FYI:

http://www.flickr.com/photos/factoryjoe/317850696...

310 weeks ago @ Michael Richardson - Single Sign Out · 0 replies · +1 points

You could also add some IP-sniffing or geo-IP smarts to see if the user is in a context where you expect him or her to be and kill sessions accordingly. I'm pretty sure Facebook was doing this when I was in Hawaii -- I swear, every 15 minutes I had to sign back in to Facebook!!

When I'm at home (SF), my session rarely, if ever, expires. Clearly something intentional was going on there. Kind of a nice feature for travelers who use internet kiosks, etc.