Security/identity · 2010-04-21

Quick thoughts on XAuth

It’s the “common domain cookie” trick from Liberty ID-FF and SAML2, except without the notion of a circle of trust. (Thanks to Praveen for forging the CDC connection in my brain.)

Heh.

It’s yet another thing you have to opt out of instead of into. (To disable it, visit XAuth.org from each browser you use.)

Pamela is wise.

I was already getting tired of the “social web” about the end of 2009. Does that make me anti-social?

Ugh — seepage.