Comment 6 for bug 532055
Revision history for this message
| Martin Pool (mbp) wrote Re: Trusted credential-management apps are broken and doomed | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Just a few other points:
It's pretty common for other OpenID-accepting sites to also give users the option to create a password, so there are multiple credentials associated with their account. Accepting OpenID doesn't necessarily mean that external apps can't do username/password authentication.
Desktop apps and browsers are in practice running in the same security domain. There are good reasons to avoid people giving their username/password to other web apps but this doesn't apply to desktop apps.
People already do run Launchpad clients from text-only servers and from non-Ubuntu desktops. So anything that _requires_ having a special client side app is also doomed.
istm that leaving open the option to send an http-authenticated request with username and password to create a token, without needing to fake a browser, would be useful.