Kyle Brady: A Blog - Latest Comments in idAuth Proposal, Take 2

Re: idAuth Proposal, Take 2

Tom — Fri, 30 May 2008 11:42:29 -0000

That's the right approach-- focus on the user scenarios and making the user experience right. The engineers can then work their magic to support the requirements.

The idAuth idea plays nicely with the "commenter's bill of right" posted over at Disqus. To enforce these rights, a system of definitive comment ownership is needed.

http://bigheadlabs.com/~daniel/draft/acommenter...

Things are headed in the right direction!

Re: idAuth Proposal, Take 2

bradyk — Thu, 29 May 2008 21:12:54 -0000

Hey Tom,

Thanks!

I understand the cookies are going to be a problem, and I'm aware that there are a few domain restriction workaround attempts, but I wanted to have somewhere to start. How it actually works (from a technical perspective) is going to be part of the process...

In the same vein, I want to specifically avoid a "true" auth system, at least for now, because of the high-cost of the user experience... I don't want this to be used by the tech elite. I want this to be used by grandma. ;-)

--Kyle

Re: idAuth Proposal, Take 2

Tom — Thu, 29 May 2008 19:08:40 -0000

I like the idea-- it's a step towards giving me control over all content I publish/contribute on the web, whether a blog post or a blog comment, a photo, etc.

I'm not a member of SID, so not sure what's being discussed, but the cookie idea can be problematic since the blog comment system will be unable to read cookies set by the aggregator (unless they are in the same domain). This is why federated auth systems implement an intermediate redirect, passing encrypted information in the querystring and ultimately two cookies get set, one in each domain. (Or backend web-service calls are made.)