#capjamesgA quick reminder that we are hosting a Build a Website in an Hour event this weekend. Join us to create a new web project, or work on an existing one, in an hour!
#aaronpkthere are multiple ways to accomplish single sign-on, depending on what your goals are
#aaronpki think it's fair to say IndieAuth is a type of "BYO SSO"
#sebbubut, would cross domain consent sharing, you could log in on one site, go on another site, and being logged in without doing anything (not even a "sign on through ..." button)
#aaronpknah, still talking about user features of SSO. no need to get into the weeds of how to implement it to talk about what it is
#sebbualso, what's the term for the auth we're asked to do (either login in again, or 2FA or other) when we try to access settings (private info or security) on a site where we're already auth ?
#sebbu(some site have a 2FA that's used only for thoses, while others just re-ask your password)
#aaronpki think it still falls under "step-up". the OAuth draft for step-up auth has a "max_age" parameter that could result in only re-entering your password. but now we're getting into #indieweb-dev
asarandi, mooff, hedy-, dmowitz, tenkuu, chenghiz_ and bterry joined the channel
#[KevinMarks]I turned my Nexus 7 on for the first time in a while and Google not only demanded a password, it sent a challenge to my phone too.
AramZS, mdemo and tenkuu joined the channel
#[tantek]wow that's not great. [KevinMarks] were you able to take a photo of the screen / phone challenge? Sounds like a good mini-post to send publish & send to Cory
#[tantek]the whole thing of losing control of the devices you "own"