Finally someone who understands something. Thank you for paying at least attention.
No-one wants to torpedo your idea
They already did. They removed all of the links explaining what I'm trying! You wouldn't be asking these things if you'd have seen the links!
I have to admit I'm pretty angry that they censor my post without explanation on why they did it!
What about if your site does down
All that happens is that when server being down user isn't able to log in that moment. People already logged in stay logged in and work perfectly fine. Even logging out works when the main server is down.
AND: The server won't be going down (at least I'm keeping it up, I can't promise the hardware doesn't break). The server is protected with UPS so power surges don't take it down. The hard drives are RAIDed so if one breaks the server keeps on rolling with the other HDD that still works.
all other boards go down
No, just logging in doesn't work at that time.
What about legal agreements, and terms-of-service
I'm thinking of it now.
are you going to make sure all transmissions happen over SSL
The SSL is used if the PHP supports it. The documentation says very clearly that SSL would be good for security.
How are you going to implement it
I have already coded the protocol. It supports SSL. The specs are located in the URL a moderator (I'm still waiting for the reason the URL was censored) removed.
How are you going to make sure people can't access the data of a user unless the user says that the site can access their profile data? How are you going to make sure they have got the permission of the user for the site to access their data from the database?
That you would've realized if you saw the link which was removed (see, the moderator completely torpedoed and made this harder).
When user goes to PHPBB login page, he can click an alternate link that takes to XS Passport authentication gateway that asks user for password and confirmation on what data is sent to that site. Then if user agrees he is taken back and ticket is issued that will allow the site to download the data user agreed on sharing. This is very secure provided that the gateway tells what data is being sent. The tickets are tied to server hostname so servers the ticket is not issued cannot access that ticket.
Is there a registration process which forces board owners to agree to terms, and are there revised registration terms informing users registering at a site their details are being recoreded in a larger database?
To boost the usage of XS Pass, the system is open in a way that sites don't have to register. Like I said, user is always asked to confirm the data and told that what site requests it.
Now when you said about it, I'm thinking of having the open sites print a message on the authentication gateway that this site is not completely trustable.
And the sites that have signed up and agreed with the TOS do print message that the site is legally agreed not to record any data.