Re: [Auth]simplest design

[Norbert Sendetzky]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> "protocol" sounds somewhat sophisticated to me.

Protocol means only an arrangement, how the data is accessed. This can be 
simple (password => secret) or really complex (OSI Layer 4)

> What exactly does the simplest possible useful solution
> require? Well, it requires you (web page designer) to
> tell me (Mr. Plugin) whether you want me to use GET
> or POST, and it requires you to tell me what personal

I prefer POSTs only. Otherwise all can see your password in the address bar.

> information fields you're asking for. Let's make things
> really nice for Mr. web page designer, and say that
> you can also specify alternative names for our
> "standard" fields. That's about it!

With aliases, you add complexity, where you don't need it.

> The main abstract work here is defining a schema
> for the personal information. I really don't think there's
> any chance of getting this perfect on the first try,

We can if we make it right. That's only a matter of using our brains.

> Yeah, I think(!) that's exactly what I'm thinking.
> The only problem I have with your example is that
> you're replying in XML. Why?

XML extensibe and very simple to parse. Have you ever tried to write a parser 
for a simple linux config file (key value #comment)?
We can also give the website programmer a parser, which returns a simple 
array. This code snip will only be 10 lines long.
Nice, easy and fast!


Norbert

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjtSrWEACgkQxMLs5v5/7eCg3wCfQb9yYT1cL0Sc/H6MlQMldKPr
hWcAn3eLqPknlRBOYu+MC6lACkkHyQ78
=H6Dj
-----END PGP SIGNATURE-----