[OpenID] An alternative OpenID UX

Peter Williams pwilliams at rapattoni.com
Tue Apr 14 14:06:56 UTC 2009


Think about the model tho: is this any different to an OP that refuses to deal with RP realms that don't fit its policy, or requires RPs to "pre-register", or requires an RP to bind to particular legal copyright terms (that are offensive to many), or "give notice" by binding the assertion to an https cert (bearing copyright notice, and binding to a relying party agreement or other governance regime)? I cannot imagine in the Japan market anyone even blinking twice at such a constraint - limiting assertion requesting/making to particular trading groups. If that's all fine in Japan, it's fine in Santosh-land.

The best technical way for Santosh to assert his policy would be to declare a vendor-specific PAPE URL, publish its policy (email identity verification required) on the URL (making it thus resolvable), always include the policy requirement in assertion requests, and always enforce the PAPE assertion policy requirement on handling the assertion. If he does this, the system is 100% OpenID - as between trust impositions and PAPE requirements, the system is exploiting the very mechanism the standard provides for such controls.

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Santosh Rajan
> Sent: Monday, April 13, 2009 10:26 PM
> To: general at openid.net
> Subject: Re: [OpenID] An alternative OpenID UX
>
>
> You can't
>
>
> Chris Messina wrote:
> >
> > I'm a little confused by the UI.
> > What if I want to use my own self-provided OpenID?
> >
> > Chris
> >
> > On Mon, Apr 13, 2009 at 8:44 PM, Santosh Rajan <santrajan at gmail.com>
> > wrote:
> >
> >>
> >> PS:
> >> It also sets a cookie so that the next time on it will show you your
> >> selected Account in the button.
> >>
> >>
> >> Santosh Rajan wrote:
> >> >
> >> > I am working on an OpenID UX with the following objectives.
> >> > 1) Make it as simple as possible for the user under the circumstances.
> >> > 2) RP's don't have to bother about authentication and verification. They
> >> > get an authenticated user with a verified email address.
> >> >
> >> > You can see it here
> >> >  http://myfeeds.myofiz.com
> >> >
> >> > I would like to add more OP's to this. But I am not sure if they provide a
> >> > verified email address.
> >> >
> >> > Your comments and feedback will be useful.
> >> >
> >> >
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/An-alternative-OpenID-UX-tp23032699p23032765.html
> >> Sent from the OpenID - General mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >>
> >
> >
> >
> > --
> > Chris Messina
> > Citizen-Participant &
> >  Open Web Advocate
> >
> > factoryjoe.com // diso-project.org // vidoop.com
> > This email is:   [ ] bloggable    [X] ask first   [ ] private
> >
> >
> >
>
> --
> View this message in context: http://www.nabble.com/An-alternative-OpenID-UX-tp23032699p23033453.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
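
The PAPE approach suggested at the top of this message (declare a policy URL, request it, enforce it on the assertion) could look like this on the RP side. This is an added example, not code from the thread or from any OpenID library: the policy URL, function names and sample messages are constructed, and it assumes the RP's OpenID library has already verified `openid.sig` over the fields listed in `openid.signed`.

```python
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
# Hypothetical vendor-specific policy URL; the policy text would be published here.
POLICY = "https://rp.example/policies/verified-email"


def add_pape_request(params):
    """Return a copy of the authentication request that asks the OP for POLICY."""
    out = dict(params)
    out["openid.ns.pape"] = PAPE_NS
    out["openid.pape.preferred_auth_policies"] = POLICY
    return out


def policy_asserted(resp):
    """True only if the OP asserted POLICY in signed PAPE response fields."""
    signed = set(resp.get("openid.signed", "").split(","))
    # The OP may pick its own extension alias, so find it by namespace URI.
    alias = None
    for key, value in resp.items():
        if key.startswith("openid.ns.") and value == PAPE_NS:
            alias = key[len("openid.ns."):]
            break
    if alias is None:
        return False  # OP did not answer the PAPE request at all
    # Conservative choice: both the namespace declaration and the policy list
    # must be covered by the signature, otherwise they could be altered in transit.
    if not {"ns." + alias, alias + ".auth_policies"} <= signed:
        return False
    policies = resp.get("openid." + alias + ".auth_policies", "").split()
    return POLICY in policies


# Constructed sample messages (not captured traffic).
REQUEST = add_pape_request({
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "checkid_setup",
    "openid.realm": "https://rp.example/",
    "openid.return_to": "https://rp.example/return",
})
RESPONSE = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.ns.p1": PAPE_NS,
    "openid.p1.auth_policies": POLICY,
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                     "response_nonce,assoc_handle,ns.p1,p1.auth_policies",
}

if __name__ == "__main__":
    print("policy asserted:", policy_asserted(RESPONSE))
```

An RP following the advice above would reject the login whenever `policy_asserted` returns False, including when the OP simply ignores the extension.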


