[OpenID] ANN: OpenID Information Cards spec and workingimplementation

Peter Williams pwilliams at rapattoni.com
Wed Aug 22 04:53:20 UTC 2007 

Is this patented ?

Is this a levearging microsoft IP? They have a lot of patents (used mostly defensivelý, to be fair)

-----Original Message-----
From: "Johnny Bufu" <johnny at sxip.com>
To: "OpenID List" <general at openid.net>
Sent: 8/21/07 8:48 PM
Subject: [OpenID] ANN: OpenID Information Cards spec and workingimplementation

Hello list,


Attached is a specification for using Information Cards and an  
Identity Selector to perform OpenID Authentication. This enables  
users of Identity Selectors to have a consistent experience across  
Information Card and OpenID sites.

The requirements for a Relying Parties to support OpenID Information  
Cards are nominal; they need to:

1) Request an OpenID token, by putting an "application/x- 
informationCard" <OBJECT> element (or the XHTML equivalent) on their  
login page;

2) Extract the OpenID Authentication response from the XML token  
posted by the Identity Selector.

The above are supported in the latest version of the OpenID4Java  
library. A working implementation is hosted at https:// 
openidcards.sxip.com/ along with a downloadable source package.

The spec currently lives at  https://openidcards.sxip.com/spec/openid- 
infocards.html . If it proves useful, it is our intention to have it  
hosted at openid.net.


Abstract:

This document defines a method of performing OpenID Authentication  
using Information Cards for transferring OpenID claims from an  
Information Card-enabled OpenID Provider to an Information Card- 
enabled OpenID Relying Party.

Protocol flow summary:

- User acquires an OpenID Information Card from their Information  
Card-enabled OP.
- User browses to an OpenID RP.
- User acquires an OpenID Information Card from their Information  
Card-enabled OP.
- User browses to an OpenID RP and invokes an "application/x- 
informationCard" <OBJECT> element on the RP's login page
- Identity selector assists the user in choosing an OpenID  
Information Card to use for logging into the RP
- Identity selector contacts the OP/STS and retrieves a token that  
encapsulates an OpenID assertion.
- RP extracts the OpenID Authentication response from the OpenID  
Information Card token


Johnny

More information about the general mailing list