OpenID Mobile Profile?

Nat Sakimura sakimura at gmail.com
Tue Feb 3 08:26:54 UTC 2009


Yes. As far as the protocol flow is concerned, that flow is exactly
what I have suggested in an earlier mail.

By the way, have you thought of some way of dynamically establishing
consumer_key & consumer_secret?

I envision that both consumer and provider advertising their identifier
as <Subject> in XRD and associated public key would do the job. Of
course, whether the Service Provider accepts the request is entirely
at their discretion, but it will remove the manual process there.

=nat



On Tue, Feb 3, 2009 at 4:56 AM, Allen Tom <atom at yahoo-inc.com> wrote:
> Hi Nat,
>
> OpenID has a huge opportunity in the mobile market, because logging
> in/registering is at least an order of magnitude more painful on a handset
> than on a standard desktop browser. Even with my iPhone, logging in is
> terrible, and I can't think of a single time I've bothered to register.
>
> At least from my perspective, I'm more interested in discussing UX rather
> than protocol changes. Although the URLs are getting really long, the URL
> length is an implementation detail that is mostly hidden from the user.
> Supporting the equivalent of SAML's artifact binding as an additional OpenID
> communication mode isn't really going to improve the UX for users of iPhone
> class devices.
>
> Because OpenID and OAuth appear to be converging, I'd prefer to see
> artifact-type binding implemented using OAuth's Request Token. In OAuth, the
> RP (aka Consumer) first requests a Request Token using direct communication,
> and then redirects the browser to the OP (aka SP) with the Request Token to
> maintain the state. Instead of having the browser pass all the request
> parameters on the URL, all the parameters are represented by the Request
> Token, which is intended to be relatively short.
>
> Allen
>
>
> Nat Sakimura wrote:
>
> Hi.
>
> Are there people who are interested in discussing OpenID Mobile profile sort
> of thing?
> Mobile phones have unique challenges of being restricted in URL length etc.
> OpenID as it stands now has very lengthy URLs in both requests and responses
> and it sometimes does not fit into the restrictions.
> SAML world has defined artifact binding to cope with it. IMHO, OpenID should
> define something like that also.
>
> In Japan, there are a bunch of people (including mobile carriers) who want to
> do it.
>
> Is there interest here as well?
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
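
The request-token flow described in the quoted message, sketched as an added example (not part of the original thread, and not code from the OpenID or OAuth projects). The class and function names, the rp.example / op.example hosts, the secret, and the simplified HMAC-SHA256 signing are assumptions; OAuth's actual signature base string is not reproduced here.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode

def sign(secret, params):
    """Simplified HMAC-SHA256 over the sorted parameters (assumption, not OAuth's base string)."""
    msg = urlencode(sorted(params.items())).encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()

class RequestTokenStore:
    """Hypothetical OP-side store: request parameters arrive over the direct
    RP -> OP channel and are referenced afterwards by a short opaque token."""
    def __init__(self, consumers, ttl=300):
        self.consumers = consumers      # consumer_key -> consumer_secret
        self.ttl = ttl                  # seconds a token stays redeemable
        self.pending = {}               # token -> (consumer_key, params, expiry)

    def issue(self, consumer_key, params, signature, now=None):
        """Direct call from the RP; rejected unless the consumer is known and the HMAC matches."""
        now = time.time() if now is None else now
        secret = self.consumers.get(consumer_key)
        if secret is None or not hmac.compare_digest(sign(secret, params), signature):
            raise PermissionError("unknown consumer or bad signature")
        token = secrets.token_urlsafe(16)   # unguessable, about 22 characters
        self.pending[token] = (consumer_key, dict(params), now + self.ttl)
        return token

    def redeem(self, token, now=None):
        """Browser arrives carrying only the token; it is single use and time limited."""
        now = time.time() if now is None else now
        entry = self.pending.pop(token, None)
        if entry is None:
            raise KeyError("unknown or already used token")
        consumer_key, params, expiry = entry
        if now > expiry:
            raise TimeoutError("request token expired")
        return consumer_key, params

def demo():
    op = RequestTokenStore({"rp.example": "constructed-secret"})
    params = {  # constructed OpenID 2.0 style authentication request
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_setup",
        "openid.claimed_id": "http://specs.openid.net/auth/2.0/identifier_select",
        "openid.identity": "http://specs.openid.net/auth/2.0/identifier_select",
        "openid.return_to": "https://rp.example/openid/return?session=abc123",
        "openid.realm": "https://rp.example/",
    }
    long_url = "https://op.example/auth?" + urlencode(params)   # everything on the URL
    token = op.issue("rp.example", params, sign("constructed-secret", params))
    short_url = "https://op.example/auth?" + urlencode({"oauth_token": token})
    return op, token, params, long_url, short_url
```

The redirect URL shrinks to a fixed size regardless of how many parameters the request carries, and the token being unguessable, single use and short lived is what keeps the reference from being replayed or enumerated.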


