[sldev] More about viewer auth in today's RC

[Anders Arnholm]

On Tue, Dec 04, 2007 at 03:47:17PM -0800, Tess Chu wrote:

> Much of the ensued debate centered around the relative security of the old 
> xml-rpc based approach versus the new approach of using HTML.  We *weren't* 
> necessarily trying to make the mechanism itself more secure (we believe 

Much of this because you, (meaning the lindens) described the method as:

 web (IE/Safari/firefox) -> viewer

Not as it is:

 viewer -> super speical http/html (+something?) brower lookalike thing
 -> info to viewer

The issues and compatibility problems ate totally different the problem
domain is totally different. Now we can wounder what the heck is needed
from the viewer to work? CSS? JavaScript? Image rendering? This browser is
apparently able to save into, and have a button for it in the
webpage, what does that mean? What is the protocol used to steer the
special viewer... A descriptions, some code maybe descriptions and
specifications here probably much more important that code.

/ Balp
-- 
      o_   Anders Arnholm,               HiQ - Consultant
 o/  /\    anders at arnholm.nu             Phone  : +46-703-160969
/|_, \\    http://anders.arnholm.nu/     http://www.hiq.se
/
`

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20071207/fd80bdf9/attachment.pgp