2009/9/29 James Wanga <jwa...@gmail.com>:
>
> I completely agree that having a single point of authentication is
> ideal. However, security and usability have always been an
> inharmonious pair. When a new pattern offers a significant security
> improvement in exchange for a marginal usability sacrifice, we adopt
> it. The danger of the redirection pattern is that it asks for a
> usability sacrifice in exchange for an imaginary security improvement.
> The only security value is that users MAY, over time, grow skeptical
> of entering their credentials in third party apps. This can be easily
> mitigated by more sophisticated phishing sites. The bottom line is, we
> gain so little from redirection that it isn't worth the usability penalty
> no matter how unpalatable it is to enter your creds in a third party
> app.

I'm getting a little sick of the argument that the redirection flow
has worse usability than entering a username / password. The redirect
flow is straightforward and easy to understand. There are plenty of
applications that are deployed, using this method, and to great
success. Just because some designers get persnickety that they don't
have complete control over the experience doesn't mean it's bad.

b.
