Gathering requirements for in-browser OpenID support
Drummond Reed
drummond.reed at cordance.net
Tue Oct 17 04:24:14 UTC 2006
+1 for building ooTao's ph-off into the browser. It's a great utility -- I
use it every day. As Brad says, it's dramatically easier to maintain a short
whitelist of real IdPs rather than an infinite blacklist of fake ones.
=Drummond
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Brad Topliff
Sent: Monday, October 16, 2006 1:29 PM
To: general at openid.net
Subject: RE: Gathering requirements for in-browser OpenID support
We (and when I say we, I mean Andy Dale) did some work on this
(http://xditao.blogspot.com/2006/09/you-should-ph-off.html) as a proof of
concept. It is alpha code, but it addresses some of the thoughts and
requirements that should go into this.
To Scott's final comment, one of the big issues to be considered is the
logistical difference between showing something obviously POSITIVE when you
are at one of your few "trusted" IdPs as opposed to something NEGATIVE when
you are someplace "untrusted" (which is everywhere else).
-Brad
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Scott Kveton
Sent: Monday, October 16, 2006 12:32 PM
To: general at openid.net
Subject: Re: Gathering requirements for in-browser OpenID support
Hey Rob,
> I'm trying to gather requirements for OpenID support. I think I have a
> reasonable understanding of the draft, but part of the appeal of OpenID
> is that it doesn't necessarily require browser vendors to do anything :)
>
> I've seen the proposed 2617-style HTTP authentication scheme on the
> wiki. What else could browser vendors do to make OpenID a smoother
> experience for users?
As I posted on the Mozilla wiki:
http://wiki.mozilla.org/Firefox/Feature_Brainstorming#Identity
I'd love to see some anti-phishing mojo baked into the browser. If the user
could set their trusted IdP (or multiple as the case may be) in the browser
and then have the browser do something obvious when the users is presented
with an "untrusted" page asking for their password that would be great IMHO.
- Scott
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list