Gathering requirements for in-browser OpenID support

Gabe Wachob gabe.wachob at amsoft.net
Wed Oct 18 00:28:41 UTC 2006 

Can you summarize what keychain actually does for those of us who are not
mac people? Is it like PasswordSafe (http://passwordsafe.sourceforge.net/)? 

It looks like a password manager - in which case, openid wouldn't really be
directly involved. How you authenticate to an IDP (or whatever it will be
called) is outside the scope of openid. That's between you and your IDP...
So if they can somehow induce keychain to cough up credentials to the IDP,
then sure, openid works seamless with keychain.. 

But of course, I'm basing this on my perhaps incorrect understanding of
keychain. 

   -Gabe



> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Chris Messina
> Sent: Tuesday, October 17, 2006 5:22 PM
> To: general at openid.net
> Subject: Re: Re: Gathering requirements for in-browser OpenID support
> 
> More generally, we need to see integration of OpenID and Apple's Keychain:
> 
> http://dig.csail.mit.edu/breadcrumbs/node/55
> 
> Imagine logging into your user account, which itself is an OpenID, and
> being able to be authenticated against all the web services you
> typically use. This is probably a reality in most enterprise
> environments, but for the lay-consumer (read: me) this is light years
> away.
> 
> OpenID + the MacOSX Keychain would be a very positive step in that
> direction, especially if Mozilla and others could leverage it
> generally, as Camino and Safari do.
> 
> Chris
> 
> On 10/17/06, Jaco Aizenman <skorpio at gmail.com> wrote:
> > +1
> >
> >
> > On 10/16/06, Drummond Reed <drummond.reed at cordance.net> wrote:
> > > +1 for building ooTao's ph-off into the browser. It's a great utility
> -- I
> > > use it every day. As Brad says, it's dramatically easier to maintain a
> > short
> > > whitelist of real IdPs rather than an infinite blacklist of fake ones.
> > >
> > > =Drummond
> > >
> > > -----Original Message-----
> > > From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> On
> > > Behalf Of Brad Topliff
> > > Sent: Monday, October 16, 2006 1:29 PM
> > > To: general at openid.net
> > > Subject: RE: Gathering requirements for in-browser OpenID support
> > >
> > > We (and when I say we, I mean Andy Dale) did some work on this
> > >
> > (http://xditao.blogspot.com/2006/09/you-should-ph-off.html)
> > as a proof of
> > > concept.  It is alpha code, but it addresses some of the thoughts and
> > > requirements that should go into this.
> > >
> > > To Scott's final comment, one of the big issues to be considered is
> the
> > > logistical difference between showing something obviously POSITIVE
> when
> > you
> > > are at one of your few "trusted" IdPs as opposed to something NEGATIVE
> > when
> > > you are someplace "untrusted" (which is everywhere else).
> > >
> > > -Brad
> > >
> > > -----Original Message-----
> > > From: general-bounces at openid.net [mailto: general-bounces at openid.net]
> On
> > > Behalf Of Scott Kveton
> > > Sent: Monday, October 16, 2006 12:32 PM
> > > To: general at openid.net
> > > Subject: Re: Gathering requirements for in-browser OpenID support
> > >
> > > Hey Rob,
> > >
> > > > I'm trying to gather requirements for OpenID support. I think I have
> a
> > > > reasonable understanding of the draft, but part of the appeal of
> OpenID
> > > > is that it doesn't necessarily require browser vendors to do
> anything :)
> > > >
> > > > I've seen the proposed 2617-style HTTP authentication scheme on the
> > > > wiki. What else could browser vendors do to make OpenID a smoother
> > > > experience for users?
> > >
> > > As I posted on the Mozilla wiki:
> > >
> > >
> > http://wiki.mozilla.org/Firefox/Feature_Brainstorming#Identity
> > >
> > > I'd love to see some anti-phishing mojo baked into the browser.  If
> the
> > user
> > > could set their trusted IdP (or multiple as the case may be) in the
> > browser
> > > and then have the browser do something obvious when the users is
> presented
> > > with an "untrusted" page asking for their password that would be great
> > IMHO.
> > >
> > > - Scott
> > >
> > > _______________________________________________
> > > general mailing list
> > > general at openid.net
> > > http://openid.net/mailman/listinfo/general
> > >
> > >
> > > _______________________________________________
> > > general mailing list
> > > general at openid.net
> > > http://openid.net/mailman/listinfo/general
> > >
> > > _______________________________________________
> > > general mailing list
> > > general at openid.net
> > > http://openid.net/mailman/listinfo/general
> > >
> >
> >
> >
> > --
> > Jaco Aizenman L.
> > My iname is =jaco (http://xri.net/=jaco)
> > Founder                - www.virtualrights.org
> > XDI Board member - www.xdi.org
> > Cofounder CEO     - costarricense.com
> > Tel/Voicemail: 506-3461570
> > Costa Rica
> >
> > What is an i-name?
> > http://en.wikipedia.org/wiki/I-name
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> >
> >
> 
> 
> --
> Chris Messina
> Citizen Provocateur &
>   Open Source Ambassador-at-Large
> Work: http://citizenagency.com
> Blog: http://factoryjoe.com/blog
> Cell: 412 225-1051
> Skype: factoryjoe
> This email is:   [ ] bloggable    [X] ask first   [ ] private
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list