[OpenID] "Consumer-Ping-Service" for OpenID Providers

Nic James Ferrier nferrier at tapsellferrier.co.uk
Tue Mar 6 01:24:14 UTC 2007

"Thomas Huhn" <thomas.huhn at gmail.com> writes:

> The usefulness of this "consumer-ping-service" depends on the acceptance of
> the OpenID providers. The more IdPs join, the more complete the market
> overview gets. The more attractive sites users can find, the more attractive
> the OpenID technology gets at all.
> So if you´re running an OpenID provider please give me feedback and I will
> set up a simple API in a few days. I would suggest that the minimum
> parameter needed is the trustroot from the authentication request, the rest
> of the information for the directory like title and description can be
> crawled automatically from the html of the website by our server or at least
> be filled in during manual approvement. To avoid spam we will restrict
> access to the API by ipadress. This way only registered IdPs can auto-submit
> new sites.

We're happy to do this.

> I don´t think we´re running into any privacy issues by passing over the new
> trustroots that appear on the web, but IdPs should at least consider to
> check their terms of service. Maybe another checkbox is needed saying
> something like "please publish this site to the OpenID Directory". The
> problem I see is that this would not be very self-explainable. I´m not quite
> sure if this is necessary at all, but at least it gives the control to the
> user.

I don't think it's necessary. The providers' contract is with the
user. Saying "oh! here's a new OpenID site that authenticated someone
to us" is not a big deal.

Nic Ferrier
Need a linux/java/python/web hacker?  I'm in need of work!

More information about the general mailing list