On Fri, Nov 02, 2007 at 05:35:31PM -0700, John Panzer wrote: > Two answers: > > (1) For interactions mediated through your container page to your own server > via XHR, you can use your own auth mechanisms (cookies or extra headers for > example). This should cover most use cases. > > (2) We're not expecting the rest of the world to implement the server side > of AuthSub. We'd like to use an open standard for this, and we're looking > hard at OAuth (http://oauth.net) for this purpose. If this happens of > course we'd accept OAuth credentials as well as AuthSub in our own REST > API. Feedback is welcomed!
+1 on OAuth. We're already working on replacing the Hi5 auth mechanism with it. It is pretty similar to AuthSub. -- Paul Lindner hi5 Architect [EMAIL PROTECTED]
pgp3BPd3edXP8.pgp
Description: PGP signature
