OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID Form Clarification (A.4))

Chris Drake christopher at pobox.com
Sat Oct 21 15:17:54 UTC 2006


Hi Johannes,

JavaScript can't talk Yadis, cannot maintain "state" between pages,
and is highly likely to be blocked from external resources by
cross-site-scripting security restrictions.  Even if it could go out
and resolve the OpenID info it needs from external resources, it would
halve the loading speed of every page involved.

We should not ignore the opportunities that Identity 2.0 is presenting
to OpenID, so we need to ensure that hooks put in place to enable
Identity systems to use OpenID are added in a useable way.

Kind Regards,
Chris Drake


Friday, October 20, 2006, 3:03:25 PM, you wrote:

JE> Chris, I'm a little slow here, please bear with me. What's the  
JE> reasoning for "without accessing other resources"?

JE> I am with you if you said "we can't ask a user agent to first do a
JE> MIME type of XRDS". But what's the difference between adding a new ad-
JE> hoc link tag in the HTML to the Yadis tag in the HTML or the HTTP
JE> header?



JE> On Oct 19, 2006, at 19:44, Chris Drake wrote:

>> Hi Johannes,
>>
>> No - Yadis is inappropriate because user agents need to be able to
>> identify an OpenID login page (and endpoint if possible) *without*
>> accessing other resources.
>>
>> Kind Regards,
>> Chris Drake
>>
>>
>> Friday, October 20, 2006, 10:33:40 AM, you wrote:
>>
>> JE> Isn't this a case where the Yadis infrastructure should be used
>> JE> instead of Yet Another Link Tag?
>>
>>
>> JE> On Oct 19, 2006, at 8:21, Drummond Reed wrote:
>>
>>>> Martin, I agree with Dick, this is a fascinating idea. P3P had the
>>>> same idea
>>>> notion for a site advertising the location of the P3P privacy
>>>> policy: it
>>>> defined a standard HTML/XHTML link tag that could be put on any
>>>> page of a
>>>> site that told the browser where to locate the P3P policy document
>>>> for the
>>>> site (or for any portion of the site).
>>>>
>>>> 	http://www.w3.org/TR/P3P/#ref_syntax
>>>>
>>>> Are you proposing the same thing for OpenID login?
>>>>
>>>> (Kewl!)
>>>>
>>>> =Drummond
>>>>
>>>> -----Original Message-----
>>>> From: specs-bounces at openid.net
>>>> [mailto:specs-bounces at openid.net] On
>>>> Behalf
>>>> Of Dick Hardt
>>>> Sent: Thursday, October 19, 2006 12:53 AM
>>>> To: Martin Atkins
>>>> Cc: specs at openid.net
>>>> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)
>>>>
>>>>
>>>> On 19-Oct-06, at 12:35 AM, Martin Atkins wrote:
>>>>
>>>>> Dick Hardt wrote:
>>>>>>
>>>>>> In order for the RUA to detect that a site supports OpenID, it
>>>>>> sees a
>>>>>> form with a single input with a "name" of openid_identiifier. The
>>>>>> RUA
>>>>>> can then look at the action and post the data directly to the RP.
>>>>>>
>>>>>
>>>>> I think it'd be better to implement this as either a META or a LINK
>>>>> element alongside a standard protocol for communicating with the
>>>>> nominated URL.
>>>>>
>>>>> This way the site can declare on *all pages*, rather than on the
>>>>> forms-based login page, that it accepts OpenID auth. This allows
>>>>> the
>>>>> user to go to the RP's home page (or any other page) and click the
>>>>> "OpenID Login" button on the browser's toolbar and have it work.
>>>>
>>>> That is an interesting idea. Would you like to take a stab at more
>>>> specifics?
>>>>
>>>> -- Dick
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at openid.net
>>>> http://openid.net/mailman/listinfo/specs
>>>>
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at openid.net
>>>> http://openid.net/mailman/listinfo/specs
>>
>> JE> Johannes Ernst
>> JE> NetMesh Inc.
>>
>>
>>

JE> Johannes Ernst
JE> NetMesh Inc.







More information about the specs mailing list