[OpenID] Proposal for a new XDI.ORG service (i-service) for SSO
christopher at pobox.com
Tue Jan 16 05:48:22 UTC 2007
I'm looking for a way to let my customers use their identities safely
online. In particular, this includes protecting them from
Can you suggest a way that =Christopher can log in to www.site-a.com
and then later into www.site-b.com such that site-a and site-b cannot
later "share data" about =Christopher without his permission? This
control is, after all, the whole point of "user centric" ?
My proposal is for XDI.org to host an HTTPS redirection proxy
application, that can take HTTPS POST data directly from RP web forms,
resolve the entered i-name =Christopher (or ask for the i-name if none
was provided - eg - I clicked "login" without entering my i-name), and
redirect the browser to the customers preferred authentication
endpoint (the endpoint can then allow my customers to decide which
persistent identifier to provide back to site-x for this login).
Basically - anything that blocks i-names from getting posted directly
to RP web sites will do, and I think XDI is the best place to do this?
Infocards already have this functionality built-in, using the owners
operating system as the "selector". I think XDI can build something
much better, that will continue to work whether or not our customer is
in front of his own PC.
More information about the general