[OpenID] ANN: OpenID Information Cards spec and workingimplementation
Peter Williams
pwilliams at rapattoni.com
Wed Aug 22 04:53:20 UTC 2007
Is this patented ?
Is this a levearging microsoft IP? They have a lot of patents (used mostly defensivelý, to be fair)
-----Original Message-----
From: "Johnny Bufu" <johnny at sxip.com>
To: "OpenID List" <general at openid.net>
Sent: 8/21/07 8:48 PM
Subject: [OpenID] ANN: OpenID Information Cards spec and workingimplementation
Hello list,
Attached is a specification for using Information Cards and an
Identity Selector to perform OpenID Authentication. This enables
users of Identity Selectors to have a consistent experience across
Information Card and OpenID sites.
The requirements for a Relying Parties to support OpenID Information
Cards are nominal; they need to:
1) Request an OpenID token, by putting an "application/x-
informationCard" <OBJECT> element (or the XHTML equivalent) on their
login page;
2) Extract the OpenID Authentication response from the XML token
posted by the Identity Selector.
The above are supported in the latest version of the OpenID4Java
library. A working implementation is hosted at https://
openidcards.sxip.com/ along with a downloadable source package.
The spec currently lives at https://openidcards.sxip.com/spec/openid-
infocards.html . If it proves useful, it is our intention to have it
hosted at openid.net.
Abstract:
This document defines a method of performing OpenID Authentication
using Information Cards for transferring OpenID claims from an
Information Card-enabled OpenID Provider to an Information Card-
enabled OpenID Relying Party.
Protocol flow summary:
- User acquires an OpenID Information Card from their Information
Card-enabled OP.
- User browses to an OpenID RP.
- User acquires an OpenID Information Card from their Information
Card-enabled OP.
- User browses to an OpenID RP and invokes an "application/x-
informationCard" <OBJECT> element on the RP's login page
- Identity selector assists the user in choosing an OpenID
Information Card to use for logging into the RP
- Identity selector contacts the OP/STS and retrieves a token that
encapsulates an OpenID assertion.
- RP extracts the OpenID Authentication response from the OpenID
Information Card token
Johnny
More information about the general
mailing list