Comment 9 for bug 532055

Leonard Richardson (leonardr) wrote : Re: Trusted credential-management apps are broken and doomed

OK, I agree that the consumer (in this case, Launchpad) shouldn't handle the provider password. Given that, I don't see any way to let the end-user "send an http-authenticated request [to Launchpad] with username and password to create a token." I can come up with standards that would let Launchpad receive an unauthenticated assertion that you own a particular OpenID URL, and redirect you to a URL on the provider's site that lets you prove it, without a web browser getting involved; but do any such standards exist?