Gathering requirements for in-browser OpenID support

Chris Drake christopher at pobox.com
Thu Oct 19 16:30:53 UTC 2006 

Hi Chris Messina,

Your idea is not currently supported in OpenID - every new site a user
visits after "logging in" for the day, will require him to re-type his
OpenID again (and again...).

The proposed OpenIDHTTPAuth standard would, however, provide a
mechanism to accomplish your (our) dream - which is - log in (or out!)
once, and you don't have to do it again for every RP you visit.

Kind Regards,
Chris Drake


Wednesday, October 18, 2006, 10:21:34 AM, you wrote:

CM> More generally, we need to see integration of OpenID and Apple's Keychain:

CM> http://dig.csail.mit.edu/breadcrumbs/node/55

CM> Imagine logging into your user account, which itself is an OpenID, and
CM> being able to be authenticated against all the web services you
CM> typically use. This is probably a reality in most enterprise
CM> environments, but for the lay-consumer (read: me) this is light years
CM> away.

CM> OpenID + the MacOSX Keychain would be a very positive step in that
CM> direction, especially if Mozilla and others could leverage it
CM> generally, as Camino and Safari do.

CM> Chris

CM> On 10/17/06, Jaco Aizenman <skorpio at gmail.com> wrote:
>> +1
>>
>>
>> On 10/16/06, Drummond Reed <drummond.reed at cordance.net> wrote:
>> > +1 for building ooTao's ph-off into the browser. It's a great utility -- I
>> > use it every day. As Brad says, it's dramatically easier to maintain a
>> short
>> > whitelist of real IdPs rather than an infinite blacklist of fake ones.
>> >
>> > =Drummond
>> >
>> > -----Original Message-----
>> > From: general-bounces at openid.net
>> [mailto:general-bounces at openid.net] On
>> > Behalf Of Brad Topliff
>> > Sent: Monday, October 16, 2006 1:29 PM
>> > To: general at openid.net
>> > Subject: RE: Gathering requirements for in-browser OpenID support
>> >
>> > We (and when I say we, I mean Andy Dale) did some work on this
>> >
>> (http://xditao.blogspot.com/2006/09/you-should-ph-off.html)
>> as a proof of
>> > concept.  It is alpha code, but it addresses some of the thoughts and
>> > requirements that should go into this.
>> >
>> > To Scott's final comment, one of the big issues to be considered is the
>> > logistical difference between showing something obviously POSITIVE when
>> you
>> > are at one of your few "trusted" IdPs as opposed to something NEGATIVE
>> when
>> > you are someplace "untrusted" (which is everywhere else).
>> >
>> > -Brad
>> >
>> > -----Original Message-----
>> > From: general-bounces at openid.net [mailto: general-bounces at openid.net] On
>> > Behalf Of Scott Kveton
>> > Sent: Monday, October 16, 2006 12:32 PM
>> > To: general at openid.net
>> > Subject: Re: Gathering requirements for in-browser OpenID support
>> >
>> > Hey Rob,
>> >
>> > > I'm trying to gather requirements for OpenID support. I think I have a
>> > > reasonable understanding of the draft, but part of the appeal of OpenID
>> > > is that it doesn't necessarily require browser vendors to do anything :)
>> > >
>> > > I've seen the proposed 2617-style HTTP authentication scheme on the
>> > > wiki. What else could browser vendors do to make OpenID a smoother
>> > > experience for users?
>> >
>> > As I posted on the Mozilla wiki:
>> >
>> >
>> http://wiki.mozilla.org/Firefox/Feature_Brainstorming#Identity
>> >
>> > I'd love to see some anti-phishing mojo baked into the browser.  If the
>> user
>> > could set their trusted IdP (or multiple as the case may be) in the
>> browser
>> > and then have the browser do something obvious when the users is presented
>> > with an "untrusted" page asking for their password that would be great
>> IMHO.
>> >
>> > - Scott
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>>
>>
>>
>> --
>> Jaco Aizenman L.
>> My iname is =jaco (http://xri.net/=jaco)
>> Founder                - www.virtualrights.org
>> XDI Board member - www.xdi.org
>> Cofounder CEO     - costarricense.com
>> Tel/Voicemail: 506-3461570
>> Costa Rica
>>
>> What is an i-name?
>> http://en.wikipedia.org/wiki/I-name
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>>
>>

More information about the general mailing list