[Ur] The right way to do federated login in 2015?
Adam Chlipala
adamc at csail.mit.edu
Tue Oct 20 08:56:23 EDT 2015
For a long time, I've been bothered by the idea that every person should
have a separate account with a separate password on every web service
that he uses. I'm not the only one who's been bothered, and a variety
of federated login approaches have been proposed, where one account can
be used to log into every compliant service, using cryptography to do it
all without allowing services to impersonate their users to other
services. In 2010, OpenID seemed like a winner among the protocols out
there, so I implemented an Ur/Web library for it.

These days, it seems that OpenID has really failed. I see options like
OAuth for, e.g., letting users log into a developer-centric service with
GitHub credentials.

I'm writing to ask the list: is there one obvious federated login
protocol that seems to be "winning" today, such that it might be worth
implementing as an open-source Ur/Web library? If so, is anyone
interested in getting involved with building that library?