(1) For interactions mediated through your container page to your own server
via XHR, you can use your own auth mechanisms (cookies or extra headers for
example). This should cover most use cases.
(2) We're not expecting the rest of the world to implement the server side
of AuthSub. We'd like to use an open standard for this, and we're looking
hard at OAuth (http://oauth.net) for this purpose. If this happens of
course we'd accept OAuth credentials as well as AuthSub in our own REST
API. Feedback is welcomed!
On 11/2/07, Al <a...@folknology.com> wrote: