[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Social] Re: Privacy-over-Webfinger Draft

From: Ben Laurie
Subject: [Social] Re: Privacy-over-Webfinger Draft
Date: Wed, 14 Jul 2010 14:47:34 +0100

On 14 July 2010 02:34, Blaine Cook <address@hidden> wrote:
> Attached is a[n early] and long-promised draft of a relatively
> insecure but easy-to-implement approach to decentralized authorization
> using webfinger. Feedback is most welcome, especially in the lead-up
> to the Federated Social Web summit in Portland this weekend.

What summit is this?


a) So much of the spec is out of scope, this doesn't really describe a
mechanism at all.

b) Webfinger is used, it seems, to do all-or-nothing delegation to the
Client. What about scoped delegation?

> For those concerned about security, don't despair, crypto can be
> layered on like maple syrup at a sugar shack. :-)

Not using HTTP throughout would probably be a good start.

> b.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]