Gathering requirements for in-browser OpenID support
Dan Lyke
danlyke at flutterby.com
Wed Oct 18 20:01:31 UTC 2006

On Wed, 18 Oct 2006 10:36:02 -0700, Robert Sayre wrote:
> Interesting. Could we get a little more concrete with this idea? I
> think I understand, but we should get a more detailed flow. How
> exactly would I login to my OpenID provider with keychain?

I've just used the packaged libraries for OpenID, but I've thought
about this a bit for LID, and...

If the browser is smart enough to communicate with the identity
provider's URL, there's no reason that the identity provider has to do
anything but shuffle data through which the browser/login client is
calculating. The user/browser combination never has to give anything
to the identity provider URL *but* whatever's necessary for this
individual log on.

As I said, I haven't thought this through for OpenID, and I'm not sure
that it's any better in these days of Windows XP to trust a local
machine any more than you'd trust a server, but there are ways to set
up the handshaking such that you're never trusting your identity
provider with things like user names and passwords (or, in the case of
LID, private keys).

Dan