You're mis-characterizing the arguments here -- please read my blog post.
Read it. Intent differs from effect. Breaking privacy to encourage browsers to fix it for you is provocative, whether meant to be so or not.
That's fine, I'm just warning people that there's a larger echo chamber effect beyond this one thread.
Thanks. I was only aware of xAuth to the extent that it has been mentioned on these (OpenID) lists.
I disagree that XAuth, as a protocol that people can agree to start using, is centralized. The initial _implementation_ relies on a central DNS name, but that is an accident of today's browser limitations. That's a huge difference from saying that it's inherently centralized.
Agreed. I wasn't trying to say that it was *inherently* centralized, though this was my understanding of Eran's point originally; in my follow-up, I meant exactly what you said, that it starts this way (hence the "provoking browser vendors to fix it" bit).
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
