Lighthouse making an appearance?Garett Rogers | Wednesday, June 7, 2006 18 years ago • 8,059 views |
looks like there is a new link on the "Google Accounts" page.....
http://blogs.zdnet.com/Google/?p=223 |
/pd | 18 years ago # |
hey wait a second.. if lighthouse is getting launched..then won't it make sense to picasa too luanch at the same time ??
But what is the Figurative " 3rd party sites authroized " statement ?? Would this mean that its like Hosted services ?? |
Sam Davyson | 18 years ago # |
It is a bit of a jump to say that it is lighthouse. Especially since none of us actually have any idea what lighthouse even is. Probably nothing will come of it. |
Garett Rogers | 18 years ago # |
Lighthouse is an "Access List" according to the leaked presentation notes. |
Sam Davyson | 18 years ago # |
{ and if this is something new... then blimey! so much in so little time. Spreadsheets, Web Albums (not surfaced yet), Vid Player for Mac and this (not surfaced yet) all in 2 days! } |
/pd | 18 years ago # |
But Sam, you can see how fast they reacted with taking away the link on the picaso web pages..
Why was that ?? |
Sam Davyson | 18 years ago # |
Oo notice this too: if you change it to "IssueAuthSubToken" you get a login page:
https://www.google.com/accounts/IssueAuthSubToken
(btw this isnt what you default get if you make up a page e.g. https://www.google.com/accounts/FAKE) |
/pd | 18 years ago # |
Same , have you gone thru the notes sections of the blotched ppt that was used on their presentation day ? theres a lot of tidbits of infonuggets
|
Sam Davyson | 18 years ago # |
And even cooler:
https://www.google.com/accounts/IssueAuthToken |
Sam Davyson | 18 years ago # |
I read the blog post where it was leaked initally. I never took it too seriously since it was all so vague and no one really knew what any of it meant. |
Sam Davyson | 18 years ago # |
What URL do you see on that last one? Mine ends 00d11b25efe2301 |
Garett Rogers | 18 years ago # |
Mine ends with: 8fcd3e6
Seems to be unique each time I reload the page. |
Sam Davyson | 18 years ago # |
Oh yes. Same here. So what do you think this is?
"Access List" is a bit vague. I mean what is it for? |
/pd | 18 years ago # |
yes, but if you tie in Checkout with the ACL and your accounts with the various servics.. the strategy makes sense..!!
|
Garett Rogers | 18 years ago # |
Speculation: I think it will be a mechanism websites can use to authenticate users via their Google account (only with the users granting access to that website) – MSN Passport was designed to be your single login for the web... but I think it has pretty much failed.
If not that, it could also be an "Access List" to automaitcally withdraw funds from a Google Account like a PayPal subscription service?
My guess is as good as yours though. |
Sam Davyson | 18 years ago # |
Right. When you say authorisation it reminds me of Flickr where you have to agree to give companies permissions to read / read/write your photos to use their services. They have a centralised system for it. No you are suggesting something similar but for Google. The question is what are you letting people have access too.
Maybe money like you say. Or maybe some sort of system to get your details (name, email, address...) to other websites to speed up the sign up processes. Standing in for what .NET passports are meant to be. Oh ok.
Sorry this post adds nothing new, it is just me getting what you said straight in my head. |
Tony Ruscoe | 18 years ago # |
I nearly posted about this the night before last but noticed it was covered here so I didn't bothered:
http://googlesystem.blogspot.com/2006/06/google-passport.html |
/pd | 18 years ago # |
but the URL as id'ed below is dysfunctional now (?)
https://www.google.com/accounts/ManageAccount2 |
Ionut Alex. Chitu | 18 years ago # |
Right :)
I didn't know what Lighthouse means. It was mentioned in the same context as GDrive. |
iZeitgeist | 18 years ago # |
Ionut:
A lighthouse is the tower near the shore to warn sailors from danger at night. Beside that I can't imagine what it means in a Google context. |
Kirby Witmer | 18 years ago # |
My google account section now displays a "Change Authorized Websites" link on the left hand side. Anybody else have this?? |
/pd | 18 years ago # |
I see it and it points to what Garett's mentioned
https://www.google.com/accounts/IssuedAuthSubTokens |
iZeitgeist | 18 years ago # |
Kirby
Me too. |
Art-One | 18 years ago # |
I have it too... |
TOMHTML | 18 years ago # |
Garett > as I said on your site, we talked about that with Ionut (Google Operating system) some days ago. http://www.zorgloob.com/2006/06/google-passport.asp (French)
hey, I have no Google logo here : https://www.google.com/accounts2 is it normal? |
Garett Rogers | 18 years ago # |
Thanks TOM
it seems like www.google.com/accounts<anything here> will produce the same results... i think the problem is the google logo uses a relative path and /accountslkjasfjasjg/logo.gif doesn't exist
the question is why /accountskjasjdglaj works at all? |
Ken Kuhl | 18 years ago # |
Could this ("Authorized Websites") be something related to controlling access to your account by other sites. For example, I've given my gmail address and password to Netvibes so that my gmail inbox can be displayed on my Netvibes page. Maybe this is a way Google is planning on giving us to control what sites/services (like Netvibes) have access to our info. An extra level of security maybe? |
Josue R. | 18 years ago # |
Ken: allowing third-party websites to have access to your login credentials and your information on Google servers is just plain dumb... giving that much power to a third-party website can bring lots of problems... mainly security issue's where the "other sites" can simply get your credentials from their own database -> run a script/app to check all your emails (Gmail), notes (notebook), search history, accounting reports (spreadsheets), and other google services to their advantage -> build a massive "John Doe" personal details and history profile and sell it to the highest bitter!! (not to mention Big Brother's from every country on this earth)...
just my point of view but clearly a decision to "NOT" allow third-party sites to have access to my personal info. Google, thanks but no thanks for this feature! |
/pd | 18 years ago # |
"clearly a decision to "NOT" allow third-party sites to have access to my personal info. Google, thanks but no thanks for this feature!"
Strong, very strong statment. Tip of the hat for this statement!! thank you :)- |
Ken Kuhl | 18 years ago # |
Well then this: http://www.google.com/tools/firefox/browsersync/index.html is something you guys would certainly not like, right?
And Josue, despite my being "plain dumb," I was able to muddle through your logic. |
Josue R. | 18 years ago # |
i don't know much about this "Lighthouse" but i believe it has to do with a "MS Passport" like authetication as other have already mentioned... hopefully this URL below will give more light into this mystery...
http://code.google.com/apis/accounts/AuthForInstalledApps.html
its interesting that you can validate (and check status) your Google Accounts with this simple URL post:
https://www.google.com/accounts/ClientLogin?Email=<EMAIL>&Passwd=<PASSWORD>&service=mail&source=<ANYTHING_HERE>
if the URL post is successful, you'll get three types of AuthTokens (aka 'authentication cookie') but if unsuccessful you get a simple response "Error=BadAuthentication"! (see Error Codes / http://code.google.com/apis/accounts/AuthForInstalledApps.html#Errors)
... now imagine a vulnerbility in this mechanism where all you need is the EMAIL account and a random / fake PASSWD or SubAuthToken hack... this would be chaos through out the Google network.
Philipp: it would be nice to implement this Authentication method into Blogoscoped forums.
|
Caleb E | 18 years ago # |
"clearly a decision to "NOT" allow third-party sites to have access to my personal info. Google, thanks but no thanks for this feature!"
No need to overreact, i doubt Google will give any third party website access to your email and saved files. This is, afaict, a clone of MS's passport system. the only personal info they will access is stuff like your name and email address, stuff they'd have to ask you for if you registered anyway. Google hasn't even released anything yet! |
Bob Krause | 18 years ago # |
Anybody seen Microsoft's InfoCard mechanism? It is an implementation of the Yadis protocol, an open standard "web of trust" for single login capabilities. For more info, start at...
http://en.wikipedia.org/wiki/Yadis |
TOMHTML | 18 years ago # |
The new link in Google Account no longer exists https://www.google.com/accounts/ManageAccount?hl=en |
/pd | 18 years ago # |
yes, you are correct tom, I noticed this too!! |
Ionut Alex. Chitu | 18 years ago # |
Also google.com/call gives error instead of the weird XML. |