[OpenID] OAuth SPs don't have to be your OpenID OP

Chris Messina chris.messina at gmail.com
Sat Apr 4 16:22:03 UTC 2009


Heh. I think it needs to be implemented first, and that will require some
massive infrastructure and adoption before it will become useful.
In reality, the later will require more policy and social change than
technological effort, so I wouldn't hold your breath. But, if you're really
passionate about this, that's the idea to be advocating and pointing to.

Chris

On Sat, Apr 4, 2009 at 12:10 PM, santrajan <santrajan at gmail.com> wrote:

>
> Cool! So it will just require some javascript I presume. How fast you think
> this can be implemented?
>
> Chris Messina wrote:
> >
> > On Sat, Apr 4, 2009 at 11:23 AM, santrajan <santrajan at gmail.com> wrote:
> >
> >>
> >> Exactly! To quote from that doc.
> >> "The suggested approach involves two new systems that we refer to as the
> >> CDS
> >> (Central Discovery Service) & PDS (Personal Discovery Service).  The
> only
> >> job of the CDS is to indicate the location of the user's PDS. "
> >>
> >> Something like this for OpenID.
> >>
> >
> > Right. This was what we discussed at the OpenID Design Workshop — that
> > such
> > a PDS system could hint to the browser what OP the current user uses —
> and
> > nothing more — to enable a generic "Sign in" button for the web w/o
> having
> > to support the Nascar screen of logo-buttons that will surely emerge with
> > the proliferation of directed identity and OPs.
> >
> > Chris
> >
> >
> >>
> >>
> >> Chris Messina wrote:
> >> >
> >> > On Sat, Apr 4, 2009 at 10:57 AM, santrajan <santrajan at gmail.com>
> wrote:
> >> >
> >> >>
> >> >> Yes but the consumer registration is still required right? I mean it
> >> >> wouldn't
> >> >> work without the OAuth key?
> >> >
> >> >
> >> > Auto-registration is a possibility. It's not unlike the association
> >> that
> >> > takes place in OpenID on the fly, to the best of my [limited]
> >> knowledge.
> >> >
> >> >
> >> >> Regarding centralized discovery I was thinking of a centralized
> >> >> repository
> >> >> for identities that will allow discovery and manage trust.
> >> >>
> >> >
> >> > You mean like Passport or Facebook? I'm not sure I understand what
> >> you're
> >> > proposing. Centralization is against the model and design of the web
> >> > (albeit, DNS is pretty much centralized discovery/resolution).
> >> >
> >> > Have you read about the Personal Discovery Service?
> >> >
> >> > http://sites.google.com/site/oauthgoog/Home/pds
> >> >
> >> > Chris
> >> >
> >> >
> >>
> >
> > --
> > Chris Messina
> > Citizen-Participant &
> >  Open Web Advocate
> >
> > factoryjoe.com // diso-project.org // vidoop.com
> > This email is:   [ ] bloggable    [X] ask first   [ ] private
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/OAuth-SPs-don%27t-have-to-be-your-OpenID-OP-tp22879703p22885000.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>



-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate

factoryjoe.com // diso-project.org // vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090404/d1443715/attachment-0002.htm>


More information about the general mailing list