OK. To be clear, I do not believe that XAuth breaks privacy.
Therefore, I don't believe browsers need to 'fix' it.
Um . . . you admit (on the blog post) that the only reason this first
version relies on a single (central) domain is because browsers do
not currently support it. You also want XAuth to "bootstrap" the
(future) browser-centric solution. Let's recap:
1) The browsers, in their current incarnation, do NOT support XAuuth.
2) You see a future where browsers add support for XAuth.
3) You think that XAuth will encourage browsers to add support.
If the status quo persists then THERE IS A PROBLEM (for XAuth).
You are proposing to present browser vendors with a broken model and
say "Here, it doesn't work *exactly* as advertised yet, but if you
add support for it, it will!": this is functionally equivalent to
"We're going to be marketing this to users as if it weren't broken,
so if you don't like that, it's YOUR job to fix it."
-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
