Gathering requirements for in-browser OpenID support
Troy Benjegerdes
hozer at hozed.org
Wed Oct 18 17:15:23 UTC 2006
On Mon, Oct 16, 2006 at 12:31:48PM -0700, Scott Kveton wrote:
> Hey Rob,
>
> > I'm trying to gather requirements for OpenID support. I think I have a
> > reasonable understanding of the draft, but part of the appeal of OpenID
> > is that it doesn't necessarily require browser vendors to do anything :)
> >
> > I've seen the proposed 2617-style HTTP authentication scheme on the
> > wiki. What else could browser vendors do to make OpenID a smoother
> > experience for users?
>
> As I posted on the Mozilla wiki:
>
> http://wiki.mozilla.org/Firefox/Feature_Brainstorming#Identity
>
> I'd love to see some anti-phishing mojo baked into the browser. If the user
> could set their trusted IdP (or multiple as the case may be) in the browser
> and then have the browser do something obvious when the users is presented
> with an "untrusted" page asking for their password that would be great IMHO.
I think there needs to be more overlap between the people on the OpenID
list and people on the IETF DIX list... Both of these groups of people
seem to have similiar ideas, and different approaches. A real solution
to this distributed identity problem is going to involve both groups.
More information about the general
mailing list