Hi Hitoshi, <div><br></div><div>This is a very interesting and important topic. <br><div><br></div><div>I actually advise you to join ui WG by signing up to the contribution agreement. </div><div><br></div><div>There, you can discuss in more detail than here. </div>
<div>Since we must not allow IPR contamination, any "really" technical discussion </div><div>needs to happen in the WG. </div><div><br></div><div>Cheers, </div><div><br></div><div>=nat<br><br><div class="gmail_quote">
On Tue, Feb 16, 2010 at 12:18 AM, Hitoshi Uchida <span dir="ltr"><<a href="mailto:hitoshi.uchida@gmail.com">hitoshi.uchida@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Allen,<br>
<div class="im"><br>
> We definitely are interested in defining modes for clients other than<br>
> desktop web browsers, especially for mobile devices, set-top boxes<br>
> (Playstation/X-box/DVD Players), and other embedded devices.<br>
<br>
> Is that what you had in mind?<br>
<br>
</div>Those devices you mentioned can have a normal web browser because they<br>
are allowed to be large size and have rich memory and CPU. The devices<br>
I mentioned is more small and has more limited resources like audio,<br>
camera and so on.<br>
<br>
I would like the spec to support an additional mode which enables a<br>
consumer to request a simple login page to be published to client side<br>
against IdP.<br>
For instance, as I mentioned in my prior email about<br>
'openid.ui.mode=svg', 'openid.ui.mode=MIME-type' enables the consumer<br>
to request its desired login page against IdP. Maybe<br>
'openid.ui.type=MIME-type' may be better as the query name to<br>
distinguish from 'openid.ui.mode'.<br>
<br>
Almost of IdP publish a login page representing a rich user interface;<br>
for examples, based on HTML + JavaScript + CSS. The devices I<br>
mentioned can't display it against users. If the login pages is simple<br>
and fixed permanently, it would be easy to convert the page to a<br>
specific page UA can display. (for instance, html page would be<br>
converted to SVG. Then, the client side analyzes the HTML page to<br>
detect the POST endpoint to be used to submit the user id and<br>
password. And the client generates the SVG login page)<br>
However, if the login page published by IdP is changed, the conversion<br>
program of client side wouldn't be available.<br>
So I think above additional mode is needed by small devices whose<br>
resources are limited.<br>
<br>
In addition to that, as I posted another mailing list in below,<br>
<a href="http://lists.openid.net/pipermail/openid-code/2010-February/000095.html" target="_blank">http://lists.openid.net/pipermail/openid-code/2010-February/000095.html</a><br>
the client side can easily find the POST endpoint to authenticate the<br>
user by analyzing only the link element of HEAD section.<br>
<br>
Best Regards,<br>
Hitoshi Uchida<br>
<div class="im"><br>
<br>
> At least with regards to mobile devices, it turns out that the 500x500 popup<br>
> mode seems to work very well for iPhones and similar mobile clients.<br>
><br>
><br>
> Thanks<br>
> Allen<br>
><br>
><br>
><br>
><br>
> On 2/5/10 10:13 AM, "Hitoshi Uchida" <<a href="mailto:hitoshi.uchida@gmail.com">hitoshi.uchida@gmail.com</a>> wrote:<br>
><br>
>> Dear all,<br>
>><br>
>> Concerning 'openid.ui.mode', do you have a plan to support more mode ?<br>
>><br>
>> Though UI extension spec describes 'popup'<br>
>> and for instance Google Federated Login API also supports currently,<br>
>> even if embedded devices would like to use OpenID/OAuth,<br>
>> they need web browser to show the html login page against users.<br>
>><br>
>> So, if the provider side supports, for instance, 'openid.ui.mode=svg',<br>
>> embedded devices supporting SVG renderer can use OpenID/OAuth to<br>
>> access protected resources securely.<br>
>> In another way, maybe it could be done by sending<br>
>> 'Accept : image/svg+xml' header from UA.<br>
>><br>
>> Anyway, if UI extension spec and real provider services supports more mode,<br>
>> OpenID/OAuth would be used in more various use case;<br>
>> especially embedded devices.<br>
>> So, I would like to discuss about this topic in this mailing list.<br>
><br>
><br>
<br>
<br>
<br>
</div><font color="#888888">--<br>
Regards,<br>
</font><div class="im">Hitoshi Uchida <<a href="mailto:hitoshi.uchida@gmail.com">hitoshi.uchida@gmail.com</a>><br>
</div><div><div></div><div class="h5">_______________________________________________<br>
user-experience mailing list<br>
<a href="mailto:user-experience@lists.openid.net">user-experience@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-user-experience" target="_blank">http://lists.openid.net/mailman/listinfo/openid-user-experience</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br><a href="http://twitter.com/_nat_en">http://twitter.com/_nat_en</a><br>
</div></div>