[OpenID] Identity Manager: A Browser-Based Solution to OpenID Phishing
James A. Donald
jamesd at echeque.com
Tue Jan 23 08:46:30 UTC 2007
Marcin Jagodzin'ski wrote:
> The idea seems good, but:
> "Whenever a web page presents an OpenID sign in
> option, the OpenID field and the Sign In button are
> replaced by a single OpenID Sign In button. Moreover,
> separate OpenID Sign In and CardSpace Sign In buttons
> are replaced with a Secure Sign In button."
> How browser can recognize that "web page presents an
> OpenID sign in option"?
I would suggest that OpenID support by the User Agent is
triggered by a visible field that says OpenID_user_url,
and by a hidden field named "SupportedOpenID_versions"
containing a list of supported OpenID versions, and
another hidden field (to be filled in by the User Agent)
named "User Agent"
More information about the general