[OpenID] OpenID for non-HTTP applications?
mart at degeneration.co.uk
Wed Jan 17 18:39:52 UTC 2007
Bob Wyman wrote:
> My apologies if I've missed the appropriate discussions somewhere...
> But, I would appreciate it greatly if someone could comment on the
> problem of getting non-HTTP applications to use OpenID. For instance,
> I'd like to use OpenID for things like my identifier (JID, username,
> etc.) in Jabber, POP, SMTP, FTP, Gopher, etc... But, many of these
> protocols are well established and resistant to change. Also, protocols
> like Jabber/XMPP and SMTP extract useful routing information from the
> ids that they currently assign to me. To these applications, identifiers
> are not simply opaque strings. (For instance, in both Jabber and SMTP,
> my id includes the name of my server.)
> My guess is that there is a small set of standard "patterns" that
> non-HTTP applications would need to support in order to support OpenID.
> Have these been defined or otherwise discussed?
For entrenched things like email and Jabber, I think the best we'd be
able to do is define a mechanism for an OpenID identifier to be used as
a login for a traditional email address or JID. The identifiers used for
email and XMPP are not syntax-compatible with OpenID's URLs.
We've briefly discussed the possibility of defining a machine-grokable
alternative to the HTML forms part of the OpenID process when we were
talking about HTTP Authentication bindings for OpenID.
The main problem is figuring out how to replace the HTML forms that
handle logging in and giving permission in a way that doesn't depend on
a web browser. The authentication problem isn't too hard — SASL already
provides a mechanism for "pluggable" authentication schemes — but once
you're outside of the web context the permission thing doesn't make much
sense since the apps could just say Yes on the user's behalf and bypass
the question entirely.
More information about the general