<div>Krishna,</div>
<div> </div>
<div>Thanks and appreciate your response.</div>
<div> </div>
<div>I have recently started evaluating OpenID/OAuth, so would like to go along the same lines for implementation of a Custom OpenID Provider and would follow the same existing protocols to store credentials. Would also be interested in implementing Relying Party/Consumer the OpenID/OAuth way.</div>
<div> </div>
<div>
<div>BUT, everything follows once I have some blueprint on how I would be able to gracefully handle user authentication (using OpenID) w/out redirection (using User Agent/Browser), maybe through some API-level calls.</div>
<div> </div></div>
<div><font style="BACKGROUND-COLOR: #ffff99"><strong><u>Generally, on a broader level, the following is the base use case scenario:</u></strong></font></div>
<div><font style="BACKGROUND-COLOR: #ffff99"></font> </div>
<div><font style="BACKGROUND-COLOR: #ffff99">1. User goes to any/my custom OpenID Provider site and registers herself, grabs OpenID.</font></div>
<div><font style="BACKGROUND-COLOR: #ffff99"></font> </div>
<div><font style="BACKGROUND-COLOR: #ffff99">2. User then switches to Set-Top-Box (STB)/Playstation and the STB validates the user's authenticity; if not found in local cache, it will need to get the user authenticated with its OpenID Identifier from the OpenID Provider (w/out redirection if possible).</font></div>
<div><font style="BACKGROUND-COLOR: #ffff99"></font> </div>
<div><font style="BACKGROUND-COLOR: #ffff99">3. STB gets the response and, based on it, would grab content from the content provider and present it to the authenticated user.</font></div>
<div><font style="BACKGROUND-COLOR: #ffff99"></font> </div>
<div><font style="BACKGROUND-COLOR: #ffff99">The rest of my solution will follow everything laid out by the OpenID standards, such as credential/token caching/establishing trust/communication protocols etc.</font></div>
<div> </div>
<div>I have not yet drafted the proposed architecture, but will do and can share once I get past this point.</div>
<div> </div>
<div>So would appreciate if you can talk/share something on that or guide/provide pointers.</div>
<div> </div>
<div>Thanks,</div>
<div>Kamal<br> </div>
<div class="gmail_quote">On Fri, Apr 10, 2009 at 12:04 PM, Krishna Sankar (ksankar) <span dir="ltr">&lt;<a href="mailto:ksankar@cisco.com">ksankar@cisco.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div lang="EN-US" style="WORD-WRAP: break-word" vlink="purple" link="blue">
<div>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">Kamal,</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> It is plausible. There are choreographies that can do app2app authC/authZ using OpenID/OAuth mechanisms. The browser is one mechanism and imho is not the only one. It all depends on the trust fabric, the credential flow (how it is acquired, accessed and stored) and the capability of the devices. </span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p style="TEXT-INDENT: 0.5in"><span style="FONT-SIZE: 11pt; COLOR: #1f497d">I would be happy to discuss – but I do not have any special knowledge on set-top box implementation. Have you worked out your general authC/authZ framework? Also, do you have the use cases/scenarios that require these mechanisms?</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">Cheers</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">&lt;k/&gt;</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<div>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<p><b><span style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> <a href="mailto:oauth@googlegroups.com" target="_blank">oauth@googlegroups.com</a> [mailto:<a href="mailto:oauth@googlegroups.com" target="_blank">oauth@googlegroups.com</a>] <b>On Behalf Of </b>David Recordon<br>
<b>Sent:</b> Friday, April 10, 2009 11:47 AM<br><b>To:</b> <a href="mailto:general@openid.net" target="_blank">general@openid.net</a> List; OAuth<br><b>Cc:</b> <a href="mailto:board@openid.net" target="_blank">board@openid.net</a> >> <a href="mailto:board@openid.net" target="_blank">board@openid.net</a><br>
<b>Subject:</b> [oauth] Fwd: [OpenID board] Question on implementation of OAUTH/OpenID for Set-top-box</span></p></div></div>
<div>
<div></div>
<div class="h5">
<p> </p>
<p>Hey Kamal,</p>
<div>
<p>I'm forwarding your email to both the OpenID General and OAuth mailing lists.</p></div>
<div>
<p> </p></div>
<div>
<p>Cheers,</p></div>
<div>
<p>--David</p>
<div>
<p> </p>
<div>
<p>Begin forwarded message:</p></div>
<p><br><br></p>
<div>
<div>
<p><b><span style="FONT-SIZE: 9pt; COLOR: black">From: </span></b><span style="FONT-SIZE: 9pt">Kamal Mehta &lt;<a href="mailto:kamal.mehta@gmail.com" target="_blank">kamal.mehta@gmail.com</a>&gt;</span></p></div>
<div>
<p><b><span style="FONT-SIZE: 9pt; COLOR: black">Date: </span></b><span style="FONT-SIZE: 9pt">April 10, 2009 12:30:31 AM PDT</span></p></div>
<div>
<p><b><span style="FONT-SIZE: 9pt; COLOR: black">To: </span></b><span style="FONT-SIZE: 9pt"><a href="mailto:board@openid.net" target="_blank">board@openid.net</a></span></p></div>
<div>
<p><b><span style="FONT-SIZE: 9pt; COLOR: black">Subject: </span></b><b><span style="FONT-SIZE: 9pt">[OpenID board] Question on implementation of OAUTH/OpenID for Set-top-box</span></b></p></div>
<div>
<p><b><span style="FONT-SIZE: 9pt; COLOR: black">Reply-To: </span></b><span style="FONT-SIZE: 9pt"><a href="mailto:board@openid.net" target="_blank">board@openid.net</a></span></p></div>
<div>
<p> </p></div></div>
<div>
<p>Hi,</p></div>
<div>
<p> </p></div>
<div>
<p>We are evaluating the integration of OpenID/OAUTH for our clients so that there could be a seamless user experience of Authentication on Playstation/Set-top-box. In due course we investigated it a bit and found that OpenID/OAUTH 2.0 follows a redirection model FROM Relying Party TO OpenID Provider through the UserAgent, which happens to be the browser in all example implementations we have seen.</p>
</div>
<p> We have a quick question. As described, we are using Blu-ray players, which lack the ability of having state-of-the-art browsers; is there any possibility of implementing OpenID and OAUTH w/out going through the browser route of redirection, such as any direct API call to get an authentication of the user? Is it even feasible?</p>
<p> Are there any implementations done for Set-Top-Box by any other company that we could leverage for some design discussions?</p>
<p> Appreciate your early response.</p>
<p> Thanks in advance.<br clear="all"><br>-- <br>Regards,<br>Kamal Mehta<br><a href="http://www.linkedin.com/in/kamalmehta" target="_blank">http://www.linkedin.com/in/kamalmehta</a></p>
</div>
<p> </p></div></div></div>
<p> </p></div></div></blockquote></div><br><br clear="all"><br>-- <br>Regards,<br>Kamal Mehta<br><a href="http://www.linkedin.com/in/kamalmehta">http://www.linkedin.com/in/kamalmehta</a><br>