Comment 15 for bug 532055

Keeping our current authentication-through-the-browser story, augmented with a desktop application that can have the browser authentication happen once, and handle permissions by proxy afterwards, is an approach that works with the current state of the art for OpenID and OAuth. I believe it will be reasonable and sufficient for our use cases.

Leading an initiative for a non-browser OpenID protocol is interesting but, given all the other work we have on our plate, a "Won't Fix." I'm also generally not interested in non-OpenID-based authentication at this time.

If/when there's an existing OpenID-based initiative to provide this, I'm happy to reconsider the idea.