[OpenID] thoughts on a consumer driven idp affiliate program

Lukas Rosenstock inbox at lukasrosenstock.net
Tue Jan 9 09:46:32 UTC 2007


> So, a consumer that receives a request from an idp affiliate where the
> HTTP_REFERRER is from an ourservice.com domain and the
> request is of the type
> http://ourservice.schtuff.com?caller_id=http://www.ourservice.com/users/john
> could automatically do the needful.

This could do the work.
Currently there is already an agreement to set the name property of the  
login textbox to "openid_url". This agreement can be extended. My  
suggestion:

If the URL to a page that includes an OpenID login form contains the key  
openid_url with a valid OpenID URL as value in its query, this page SHOULD
- either set the initial value of the login textbox to the given OpenID,  
so that the user may log in quickly by pushing the submit button
- or immediately redirect to the IdP to verify the identity
If the user is already logged on with the same or a different identifier  
the openid_url-value MAY be ignored.
Whenever possible it is RECOMMENDED that the openid_url-parameter is  
accepted on every page / URL path of a relying party site.

If a relying party page contains links to other external websites which  
are known to be relying parties, too, the key openid_url with the value  
set to the identifier of the currently logged on user MAY be added to the  
query part of the external URL. It is RECOMMENDED that the user
- either will see two links, one with and one without his identifier
- or may toggle this as a global option on the website
if he prefers to stay anonymous for the other site.
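
The proposal above, written out as an added example that is not part of the original message or of any OpenID library: the receiving page takes the prefill option and treats the openid_url value as untrusted input, and the linking page appends the key only for known relying parties when the user has opted in. The function names, the length cap and the known-relying-party set are assumptions.

```python
from html import escape
from urllib.parse import urlsplit, urlunsplit, parse_qs, parse_qsl, urlencode

PARAM = "openid_url"   # key name proposed in the message
MAX_LEN = 2048         # assumed cap on identifier length

def valid_identifier(value):
    """Return the identifier if it is an absolute http(s) URL with a host, else None."""
    if not value or len(value) > MAX_LEN:
        return None
    try:
        parts = urlsplit(value.strip())
        host = parts.hostname
    except ValueError:               # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return urlunsplit(parts)

def handle_incoming(page_url, session_identifier=None):
    """Receiving relying party: decide what to do with an openid_url query key."""
    if session_identifier is not None:
        return ("ignore", None)      # already logged on: the value MAY be ignored
    values = parse_qs(urlsplit(page_url).query).get(PARAM, [])
    if len(values) != 1:             # absent, or repeated and therefore ambiguous
        return ("ignore", None)
    ident = valid_identifier(values[0])
    if ident is None:
        return ("ignore", None)
    # Anyone can craft the link, so escape the value before it lands in the attribute.
    field = '<input type="text" name="%s" value="%s">' % (PARAM, escape(ident, quote=True))
    return ("prefill", field)

def decorate_outbound(link, identifier, known_relying_parties, share_identifier):
    """Linking relying party: add openid_url only for known RPs and only on opt-in."""
    parts = urlsplit(link)
    if not share_identifier or parts.hostname not in known_relying_parties:
        return link
    # Drop any openid_url already present so the key appears exactly once.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != PARAM]
    query.append((PARAM, identifier))
    return urlunsplit(parts._replace(query=urlencode(query)))

if __name__ == "__main__":
    # Constructed sample input using the host names from the quoted message.
    john = "http://www.ourservice.com/users/john"
    out = decorate_outbound("http://ourservice.schtuff.com/", john, {"ourservice.schtuff.com"}, True)
    print(out)
    print(handle_incoming(out))
```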


