[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Social] Re: Privacy-over-Webfinger Draft

From: Brett Slatkin
Subject: [Social] Re: Privacy-over-Webfinger Draft
Date: Fri, 16 Jul 2010 18:15:11 -0700

Hey Blaine,

Thanks for typing this up!

I think I understand what you're trying to do here, and I appreciate
the "I really don't care how you do auth" approach; the core of what
you want is the "From" header.

I think it would be very helpful for newbies to this idea of
"asynchronous authentication" if you provided a complete play-by-play
flow of subscribing to content where you actually use real protocols
for each step in the process (e.g., PubSubHubbub with WebFinger
callback auth). Then you can highlight the parts that are pluggable
and abstract from there. Of course this would be non-normative.


On Tue, Jul 13, 2010 at 6:34 PM, Blaine Cook <address@hidden> wrote:
> Attached is a[n early] and long-promised draft of a relatively
> insecure but easy-to-implement approach to decentralized authorization
> using webfinger. Feedback is most welcome, especially in the lead-up
> to the Federated Social Web summit in Portland this weekend.
> For those concerned about security, don't despair, crypto can be
> layered on like maple syrup at a sugar shack. :-)
> b.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]