OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID Form Clarification (A.4))

Johannes Ernst jernst+openid.net at netmesh.us
Sat Oct 21 23:03:30 UTC 2006


Chris, thanks for the answer, but I'm afraid I'm just as confused as  
before. I think I don't understand your scenario. So:
1) User navigates to a relying party
2) Browser++ (i.e. browser with some kind of extension) detects the
fact that this is a relying party (and the means by which that occurs is
the subject of this discussion)
3) Browser++ shows some kind of user interface that's implemented by  
the browser++ instead of the relying party for identity selection etc.
4) User fills out whatever needs filling out / approving etc. in the  
browser++ user interface
5) Browser++ submits (e.g. HTTP POST) to relying party at the right URL

Did I get this right? I must be missing something, though, given the  
constraints you are listing?


On Oct 21, 2006, at 8:17, Chris Drake wrote:

> Hi Johannes,
>
> JavaScript can't talk Yadis, cannot maintain "state" between pages,
> and is highly likely to be blocked from external resources by
> cross-site-scripting security restrictions.  Even if it could go out
> and resolve the OpenID info it needs from external resources, it would
> halve the loading speed of every page involved.
>
> We should not ignore the opportunities that Identity 2.0 is presenting
> to OpenID, so we need to ensure that hooks put in place to enable
> Identity systems to use OpenID are added in a useable way.
>
> Kind Regards,
> Chris Drake
>
>
> Friday, October 20, 2006, 3:03:25 PM, you wrote:
>
> JE> Chris, I'm a little slow here, please bear with me. What's the
> JE> reasoning for "without accessing other resources"?
>
> JE> I am with you if you said "we can't ask a user agent to first do a
> JE> MIME type of XRDS". But what's the difference between adding a new
> JE> ad-hoc link tag in the HTML to the Yadis tag in the HTML or the HTTP
> JE> header?
>
>
>
> JE> On Oct 19, 2006, at 19:44, Chris Drake wrote:
>
>>> Hi Johannes,
>>>
>>> No - Yadis is inappropriate because user agents need to be able to
>>> identify an OpenID login page (and endpoint if possible) *without*
>>> accessing other resources.
>>>
>>> Kind Regards,
>>> Chris Drake
>>>
>>>
>>> Friday, October 20, 2006, 10:33:40 AM, you wrote:
>>>
>>> JE> Isn't this a case where the Yadis infrastructure should be used
>>> JE> instead of Yet Another Link Tag?
>>>
>>>
>>> JE> On Oct 19, 2006, at 8:21, Drummond Reed wrote:
>>>
>>>>> Martin, I agree with Dick, this is a fascinating idea. P3P had the
>>>>> same notion for a site advertising the location of the P3P privacy
>>>>> policy: it defined a standard HTML/XHTML link tag that could be put on
>>>>> any page of a site that told the browser where to locate the P3P policy
>>>>> document for the site (or for any portion of the site).
>>>>>
>>>>> 	http://www.w3.org/TR/P3P/#ref_syntax
>>>>>
>>>>> Are you proposing the same thing for OpenID login?
>>>>>
>>>>> (Kewl!)
>>>>>
>>>>> =Drummond
>>>>>
>>>>> -----Original Message-----
>>>>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net]
>>>>> On Behalf Of Dick Hardt
>>>>> Sent: Thursday, October 19, 2006 12:53 AM
>>>>> To: Martin Atkins
>>>>> Cc: specs at openid.net
>>>>> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)
>>>>>
>>>>>
>>>>> On 19-Oct-06, at 12:35 AM, Martin Atkins wrote:
>>>>>
>>>>>> Dick Hardt wrote:
>>>>>>>
>>>>>>> In order for the RUA to detect that a site supports OpenID, it sees a
>>>>>>> form with a single input with a "name" of openid_identifier. The RUA
>>>>>>> can then look at the action and post the data directly to the RP.
>>>>>>>
>>>>>>
>>>>>> I think it'd be better to implement this as either a META or a LINK
>>>>>> element alongside a standard protocol for communicating with the
>>>>>> nominated URL.
>>>>>>
>>>>>> This way the site can declare on *all pages*, rather than on the
>>>>>> forms-based login page, that it accepts OpenID auth. This allows the
>>>>>> user to go to the RP's home page (or any other page) and click the
>>>>>> "OpenID Login" button on the browser's toolbar and have it work.
>>>>>
>>>>> That is an interesting idea. Would you like to take a stab at more
>>>>> specifics?
>>>>>
>>>>> -- Dick
>>>>> _______________________________________________
>>>>> specs mailing list
>>>>> specs at openid.net
>>>>> http://openid.net/mailman/listinfo/specs
>>>>>
>>>
>>> JE> Johannes Ernst
>>> JE> NetMesh Inc.
>>>
>>>
>>>
>
> JE> Johannes Ernst
> JE> NetMesh Inc.
>
>
>

Johannes Ernst
NetMesh Inc.

  http://netmesh.info/jernst
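
An added example, not part of the original message or of any OpenID implementation: a sketch of step 2 above using the form-based detection quoted from Dick Hardt (a form whose single input is named openid_identifier), returning the URL a user agent would POST to in step 5. Treating hidden and submit inputs as not counting toward "single input", and refusing any form action on a different origin than the page, are assumptions of this sketch; the sample pages and the rp.example host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FIELD = "openid_identifier"  # input name quoted in the thread
IGNORED_TYPES = ("hidden", "submit", "image", "button")  # assumption: not user inputs

# Constructed sample pages (not taken from the thread).
SAMPLE_OK = ('<form action="/openid/start" method="post">'
             '<input type="text" name="openid_identifier">'
             '<input type="submit" value="Go"></form>')
SAMPLE_CROSS = ('<form action="https://elsewhere.example/collect">'
                '<input name="openid_identifier"></form>')
SAMPLE_PLAIN = ('<form action="/login"><input name="user">'
                '<input type="password" name="pw"></form>')


class _FormScanner(HTMLParser):
    """Collect each form's action and the names of its user-visible inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of (action, [input names])
        self._current = None   # form being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = (a.get("action") or "", [])
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() not in IGNORED_TYPES:
                self._current[1].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def find_openid_endpoint(page_url, html):
    """Return the absolute URL to POST to, or None if no form qualifies."""
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    page = urlsplit(page_url)
    for action, names in scanner.forms:
        if names != [FIELD]:
            continue  # require exactly one visible input, named openid_identifier
        target = urlsplit(urljoin(page_url, action))
        # Assumed policy: same scheme and host as the page, so the identifier
        # is never sent off-origin or from an https page to an http action.
        if (target.scheme, target.netloc) == (page.scheme, page.netloc):
            return target.geturl()
    return None
```
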





