<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>George, you are correct, and perhaps I didn't say it before, but
this was considering the fact that I already signed up to these sites using
OpenID.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So if I'm signed up with OpenID (specifically the same one) to LiveJournal
and to Zooomr I will be able to switch between the two seamlessly as long as
I'm authenticated at my OpenID server.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The trick that I was referring to is to overcome the limitation
of cookies being bound to a domain.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Having a plugin like Sxipper is great but it’s a plugin and
people need to download and install it and if we want OpenID to get to a
greater audience perhaps things like the planned integration with FireFox 3.0
is the way to go (though I haven't read any of its details yet).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Eran<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> George Fletcher
[mailto:gffletch@aol.com] <br>
<b>Sent:</b> Monday, January 29, 2007 7:42 PM<br>
<b>To:</b> Tan, William<br>
<b>Cc:</b> Eran Sandler; general@openid.net<br>
<b>Subject:</b> Re: [OpenID] Sharing OpenID between sites (and APIs)<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>+1<br>
<br>
As a user I don't want my OpenID propagated to another site for Single-Sign-on
without the option to determine whether I want to be authenticated at that site
or not. Just because I can be authenticated at a site (e.g. digg or
slashdot) doesn't mean I want to be.<br>
<br>
Existing browser form fills (or the <a href="http://www.sxipper.com">sxipper</a>
plugin) do this already by recognizing the OpenID form field and offering to
automatically fill it in. This means I don't have to type it in every
time and yet allows me the flexibility to determine when I want to authenticate
and when I don't.<br>
<br>
Thanks,<br>
George<br>
<br>
Tan, William wrote:<br>
<br>
<o:p></o:p></p>
<pre>However, an RP (or OP) wouldn't randomly link to another site giving it <o:p></o:p></pre><pre>the openid_url of the logged in user since that would be a huge security <o:p></o:p></pre><pre>concern. I assume the use case is for keeping the user logged in within <o:p></o:p></pre><pre>affiliated sites only, kind of like moving between gmail and gcalendar <o:p></o:p></pre><pre>or something like that.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>If the first RP that appends the openid_url parameter can be certain <o:p></o:p></pre><pre>that the target will process it and then redirect away to a URL with no <o:p></o:p></pre><pre>private information, then that's fine.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre>=wil<o:p></o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>general mailing list<o:p></o:p></pre><pre><a
href="mailto:general@openid.net">general@openid.net</a><o:p></o:p></pre><pre><a
href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</a><o:p></o:p></pre><pre><o:p> </o:p></pre><pre> <o:p></o:p></pre></div>
</body>
</html>