Will Norris

Will Norris

16p

6 comments posted · 3 followers · following 0

237 weeks ago @ Joe Gregorio | BitWorking - WebFinger | BitWorkin... · 0 replies · +1 points

That is the *latest* draft, but will most likely not be the final draft. I plan to include some of the suggestions from Patrick (http://lists.oasis-open.org/archives/xri-comment/...

289 weeks ago @ Michael Richardson - Single Sign Out · 2 replies · +2 points

In the chattr use case, as you've pointed out, you're not really talking about logging out... just setting your status on that site. This would have to be a feature that site provides.

With Google, you have this problem even without OpenID. You can't be logged in to different Google services with different Google accounts. The only exception to this is if you have hosted services with Google Apps... that stores a separate cookie than the normal Google services.

289 weeks ago @ Michael Richardson - Single Sign Out · 0 replies · +2 points

Michael, you're stupid. There are much better ways to do this. :)

Actually, there aren't... you've hit the most common approaches. I haven't looked at Facebook's implementation too closely, what do they do?

301 weeks ago @ Skis / Toys / Fun - Alternative to OpenID · 0 replies · +1 points

You're absolutely right that the same thing could be accomplished with DNS entries. But given that OpenID 2.0, OAuth, and a number of other "Open Web" protocols being worked on right now are using XRDS for discovery, it seemed a natural choice. There may have been other factors contributing to the decision not to use DNS (I know we talked about it), but I don't remember.

301 weeks ago @ Skis / Toys / Fun - Alternative to OpenID · 2 replies · +1 points

EAUT isn't a third party service... it's just a specification for converting the email address into a URL. The only parties involved are the relying party and the email provider. There is a fallback service (emailtoid.net) which can be used for email providers who don't yet support EAUT, but we're realizing even that may not be the best approach.

301 weeks ago @ Skis / Toys / Fun - Alternative to OpenID · 3 replies · +1 points

You might be interested in the Email Address to URL Transformation spec... it does basically what you're describing but uses XRDS instead of DNS for discovery. Mashable did a good write-up of it here.