Gathering requirements for in-browser OpenID support
Jaco Aizenman
skorpio at gmail.com
Tue Oct 17 15:50:51 UTC 2006
+1
On 10/16/06, Drummond Reed <drummond.reed at cordance.net> wrote:
>
> +1 for building ooTao's ph-off into the browser. It's a great utility -- I
> use it every day. As Brad says, it's dramatically easier to maintain a
> short
> whitelist of real IdPs rather than an infinite blacklist of fake ones.
>
> =Drummond
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Brad Topliff
> Sent: Monday, October 16, 2006 1:29 PM
> To: general at openid.net
> Subject: RE: Gathering requirements for in-browser OpenID support
>
> We (and when I say we, I mean Andy Dale) did some work on this
> (http://xditao.blogspot.com/2006/09/you-should-ph-off.html) as a proof of
> concept. It is alpha code, but it addresses some of the thoughts and
> requirements that should go into this.
>
> To Scott's final comment, one of the big issues to be considered is the
> logistical difference between showing something obviously POSITIVE when
> you
> are at one of your few "trusted" IdPs as opposed to something NEGATIVE
> when
> you are someplace "untrusted" (which is everywhere else).
>
> -Brad
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Scott Kveton
> Sent: Monday, October 16, 2006 12:32 PM
> To: general at openid.net
> Subject: Re: Gathering requirements for in-browser OpenID support
>
> Hey Rob,
>
> > I'm trying to gather requirements for OpenID support. I think I have a
> > reasonable understanding of the draft, but part of the appeal of OpenID
> > is that it doesn't necessarily require browser vendors to do anything :)
> >
> > I've seen the proposed 2617-style HTTP authentication scheme on the
> > wiki. What else could browser vendors do to make OpenID a smoother
> > experience for users?
>
> As I posted on the Mozilla wiki:
>
> http://wiki.mozilla.org/Firefox/Feature_Brainstorming#Identity
>
> I'd love to see some anti-phishing mojo baked into the browser. If the
> user
> could set their trusted IdP (or multiple as the case may be) in the
> browser
> and then have the browser do something obvious when the users is presented
> with an "untrusted" page asking for their password that would be great
> IMHO.
>
> - Scott
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
--
Jaco Aizenman L.
My iname is =jaco (http://xri.net/=jaco)
Founder - www.virtualrights.org
XDI Board member - www.xdi.org
Cofounder CEO - costarricense.com
Tel/Voicemail: 506-3461570
Costa Rica
What is an i-name?
http://en.wikipedia.org/wiki/I-name
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061017/67e73c41/attachment-0001.htm>
More information about the general
mailing list