« A little Type goes a long way | Main | Does anyone actually care about Atom Activity Streams? »



Feed You can follow this conversation by subscribing to the comment feed for this post.


Well-said -- not sure how the blogosphere seems to have overlooked all of these issues today in the flurry of coverage. FWIW, I still think that using webfinger is a practically achievable way to let a user indicate which services they think would be the best options for sharing tools/actions, without a new middleman, which can be augmented with delegated auth, and is simple to implement.

OAuth Lover Fat

I'm also very disappointed to see no option to completely opt-out of being discoverable by services as part of the spec. No site has a right to know whether I use another site. Period.


So you can't use XAuth for non-browser based services? If it's not a show-stopper, it's certainly an anchor/parachute.

Marcus Westin

OAuth lover: You can easily disable xauth at http://xauth.org/

max engel

i too saw this an immediately wondered why this couldn't be done with a more explicit expression of identity plus webfinger. who will provide oversight to this organization? it seems creepy that i should have to go somewhere to opt-out of being tracked like a social flash-cookie. also, having a single point of failure seems like a step backwards in terms of efforts to build an open and distributed social web.


Martin: you nailed my issues with XAuth exactly. See http://evan.status.net/notice/19474 for my micro-take. I'm happy to see

But I see the limited value to this system -- reducing the number of "login with..." stickers is a laudable UI improvement. If the name of the protocol was AreYouLoggedInto, it'd make a lot more sense.

Incremental integrative steps are a good idea. Important not to overstate their value and burn people out too soon.

John Panzer

1. Spof is not a key feature of the protocol, just an artifact of current implementation. Walk then fly.
2. Query by reltype is the next obvious addition and is being worked on.
3. Got any suggestions? Bad actors are readily identifiable...

The comments to this entry are closed.