Re: [Auth]I think I have it... (browser auth interaction: simple and clean)

[Mario D. Santana]

david nicol wrote:
>
> John wrote:
> 
>  "Does this solve the browser problem?"
> 
> No.

I think a more precise answer is "To the extent possible, yes. But no 
further."

Andrew Scherbinsky &co. came up with something he calls Flysolo a while
back, which sounds something like what John is suggesting. I think it's
an excellent solution, it's easy to integrate into existing websites, and
it solves the browser problem as well as it can be solved, IMHO. See the
"Conviently taking control of our personal information" links at http://
members.rogers.com/alberts -- while some of the language emphasizes
single-sign-on scenarios, the implementation (at http://sf.net/projects/
flysolo) can use profile information in just as clean a way. Albert has
his Netscape/IE plugin available from Sourceforge, IIRC, and I've written
a proof-of-concept plugin for mozilla.

In the end, though, I think this browser question is best answered in the
context of a security framework. Like John said, a human-driven browser
is just another webservice, albeit one with interesting characteristics.
So I think we should get a good grasp on DotGNU's auth design before we
worry about this too much.

Cheers!

mds
-- 
Be braver -- you can't cross a chasm in two small leaps.