[OpenID] thoughts on a consumer driven idp affiliate program
inbox at lukasrosenstock.net
Tue Jan 9 19:01:43 UTC 2007
S. Sriram schrieb:
> For _auto-fill_ this currently already works for the 'login page' of a given
> RP - click the following link to see it in action
It works for schtuff but not for any site.
> However for _auto-access_, there needs to be intervention if the user is
> to be saved the 'login click' and authentication dance.
Again, if you know exactly what this RPs URLs are, you can copy the
login form and start the login process from your site, too.
Okay, I got that idea, however:
- Some users turn referers off.
- Who manages the white lists?
And also, als Martin Atkins said, you don't necessarily want autologin
and using a POST would be better. Maybe we could include accepting
openid_url (or openid_identifier, why was that changed?) as query
parameter for autofill as a recommendation in the spec and leave an
autologin up to the sites - maybe some "standard" evolves throughout time.
More information about the general