[OpenID] OpenID for desktop network clients

Troy Benjegerdes hozer at hozed.org
Wed Mar 21 02:17:46 UTC 2007

On Tue, Mar 20, 2007 at 06:36:26PM -0700, Gabe Wachob wrote:
> I blogged an idea that I implemented to allow a user to authenticate to a
> desktop client for a "network app" (think  of an IM client) - the idea is to
> present an openid to a desktop client and then have it, in concert with the
> server-side component of the app, use normal OpenID authentication through
> the user's browser to authenticate the user to both the server side and to
> the desktop client: 
> http://blog.wachob.com/2007/03/openid_for_desk.html
> I have a basic implementation - looking for holes in the idea. Probably not
> a novel idea, but I didn't recall seeing any write-up or implementation of
> this anywhere. 

I guess I don't understand why you'd want to do this.... OpenID seems
very http-centric, and if you are talking about desktop apps, you would
be better served by something like SASL, or the kind of stuff that
happens under the hood in an MS active directory domain with Kerberos.

What I like is having several computers that can all authenticate to a
kerberos server and get access to my files and home directory.. this
covers the desktop side. What's missing for me is being able to
automagically be logged into my openid server once I am logged into my
desktop environment.

Or let's take the case of a mac user.. They log into their macbook,
which unlocks the OSX Keychain, which handles most OSX applications
nicely. The keychain should then know something about coordinating with
the browser to be able to auto-fill in openid web forms.

I guess the point I'm trying to make is that while you want an
integrated single sign-on environment that openid is part of, extending
it to the desktop seems like putting a square peg in a round hole,
especially since there are so many other solutions on the desktop. 

More information about the general mailing list