Kudos to Yahoo! for finally starting to roll out BBAuth, a simple consistent authentication scheme across their services. This is one of a number of different but similar attempts at providing a simple Web based identity scheme. Dare squints hard and spots the difference between this and Google’s Web Proxy Authentication (photo), but I’ve lumped them together with the Atom PP technique as “HTTPS/URI Hashing” in a recasting of Patrick Harding’s Diagram (above). BBAuth does enable interesting interactions between third-parties, federation if you will, such as MOO printing private photos from my flickr stream. But I still feel it’s not a lot further to the top right than say Passport (photo).
Technorati Tags: Google, HTTP, HTTPID, identity, infocard, openid, CardSpace, xtech, Yahoo!
[...] I trust the water piped directly to my house, but I more careful when it comes to packages which flop through my letterbox. A signed-sealed envelope delivered by a courier boosts my confidence, but helps a lot if I know who sent it. So whilst WS-Security offers a little more than just TLS, it’s the thought and effort being expended to establish and exchange identity that currently gives WS-* the security edge over REST. It’s great to see that RESTians are starting to at least see the issue, triggered by Pete Lacy and Gunnar Peterson’s great posts. But don’t panic: I suspect the establishment of Trust and exchange of Identities may indeed be answered by SOAP/WSS, only it’ll be baked-hard and packaged into something like the CardSpace stack. That way the slippy stuff won’t prevent us from continuing to use the Web and getting shit done. [...]