[Editing subject line.] On Mon, Jun 7, 2010 at 12:34 PM, SitG Admin <[email protected] > wrote:
> It's not a centralized component[1]. >> > > It is for now, and if you're going to wait for browser upgrades, why not > push for the full OpenID support instead of aiming to provoke them into > patching xAuth so users get privacy back? You're mis-characterizing the arguments here -- please read my blog post. But in general, my answer is that boiling the ocean has proven to be unsuccessful; let's try a different approach. > > > Unfortunately, FUD sells and Eran's post is being retweeted and cited >> pretty widely. >> > > It was the linked-to post in Santosh's thread, so I emphasized the point > that Santosh has consistently missed, both here and in the past. That's fine, I'm just warning people that there's a larger echo chamber effect beyond this one thread. > > > If you're going to agree with his objections, >> > > I agree with the single point about centralization, and the links you > posted are also in agreement. There seems to be no debate here. > I don't want to get into a meta-debate about whether there's a debate. But I disagree that XAuth, as a protocol that people can agree to start using, is centralized. The initial _implementation_ relies on a central DNS name, but that is an accident of today's browser limitations. That's a huge difference from saying that it's inherently centralized. The details are in my blog post, as well as in the responses Chris Messina gave back in April. -John
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
