Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

google tokens

I don't intend to correct all the Google misinformation I see out there, but it especially irks me when people's flawed arguments are just as apparent to "outsiders" as it is to me. (Like the result count estimation: y'all were right. Not sure why that's not obvious to anyone else.)

Now I read people flipping out about "Google tokens" and how it's gonna become an SSO system. And I don't know the truth either way, but let's again let y'all look at the facts and make a decision.

Here's a quick presentation of what I've read online (again, I don't know anything about this stuff): The thought is it'd be nice to use your gmail/talk credentials to log into other sites. But you don't want to give your gmail password to random pages. So somebody looked at some packet captures and saw that Talk logs in by sending your username/password over an SSL connection to a login server, gets a token in response, and then uses that token as your credentials with the Talk server. Therefore, they realized, third parties could let you prove your identity by using your token (and checking it against Talk to verify) without requiring your password!

Dear readers: will this work? Would you trust such a system with your data?
Tags: google
Subscribe

  • your vcs sucks

    I've been hacking on some Haskell stuff lately that's all managed in darcs and it's reminded me of an observation I made over two years ago now (see…

  • jaunty upgrade

    Upgraded to Ubuntu Jaunty. X hung with garbage on the screen after rebooting. Booted into "restore mode" (I forget the exact name), it gave me a…

  • ubuntu summit

    There's an Ubuntu summit going on in Mountain View next week. I'll be there Monday and plan to meet up with someone who's interested in packaging…

  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 11 comments

  • your vcs sucks

    I've been hacking on some Haskell stuff lately that's all managed in darcs and it's reminded me of an observation I made over two years ago now (see…

  • jaunty upgrade

    Upgraded to Ubuntu Jaunty. X hung with garbage on the screen after rebooting. Booted into "restore mode" (I forget the exact name), it gave me a…

  • ubuntu summit

    There's an Ubuntu summit going on in Mountain View next week. I'll be there Monday and plan to meet up with someone who's interested in packaging…