Hannes' example of remote authentication uses iframe magic that isn't easily adaptable to real use, but the core idea is more general:
- The server gives the user a one-time use token.
- The user sends the username, token, and application server URI to the authentication server.
- (The authentication server prompts the user to log in, if e isn't already cookied.)
- The authentication server tells the application server "yes, user:token is a-OK!" or "no, I don't know user:token."
I'm not sure how else you could do it, really. That's how Paypal works, and I expect that's how-ish TypeKey will work. (OBKA was a related project at least part of which was designing a similar system for commenting, but the site's gone now and it's not in archive.org. Sounds like they were on to the same thing though.)
Drupal's system is still cool, but you have to give the application server your password. Using a one-time token and having the remote server authenticate that token at the (automated-by-redirect) user's request avoids that.
My trip's over and now I need to look for an apartment and stuff.
While educated idiots might try to convince you that badmouthing the future is honest and intelligent, it's actually a bad habit based on delusion. Here's your *real* assignment...: Retrain your mind to expect the best.
Transform your home into an impregnable fortress of solitude and don't go out unless you absolutely have to. You must make yourself perfectly safe! APRIL FOOL! ... [I]n general it's an excellent time to open your heart and turn your home into a festive center of abundance. I suggest you invite every interesting person you trust to come and experience you in your natural habitat.
