[OpenID] Standard for browser integration with auto-login through whitelists
Fabian Neumann
fn08 at pseudopost.org
Sun Dec 16 12:46:27 UTC 2007
Hi list,

I already wrote that on my blog[1], but it got almost no attention, so
I'll try it here:

Thinking about whether OpenID is capable of true single-sign-on[2] I
came to the conclusion that it’s probably not designed for this, but
that browser integration could provide an almost similar experience if
there was a standard for this. So here’s my question:

(Note that I know of Verisign’s Seatbelt and Sxipper. But both do not
offer what I request here, AFAIK.)

Is there a project or standard proposition that aims to (or even an
implementation that already does) enable OpenID browser integration in
the following way?

1. let the user create a whitelist à la “always use xyz.myopenid.com for
   foobarsite.com”
2. let the browser use this whitelist to send a standardized cookie or
   HTTP-header to the relying party site on each request (or only when
   no standardized and valid session cookie exists)
3. on receiving such a request, the RP should automagically start the
   authentication process — and finish it transparently for me if I’m
   logged into my OpenID provider

I think this is a simple (too simple?) idea that only needed a very
small standard but could improve user experience.

Any comments?

Fabian

[1] http://pseudopost.org/archives/2007/12/openid-browser-integration-with-auto-login-through-whitelists/
[2] http://www.cricketschirping.com/weblog/?p=1123
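
The three steps proposed in the message above, sketched as an added example that is not part of the original post or of any OpenID specification. The header name `X-OpenID-Identifier`, the function names and the sample whitelist are assumptions made for illustration; the provider endpoint is assumed to come from normal OpenID discovery, which is not shown.

```python
from urllib.parse import urlsplit, urlencode

HINT_HEADER = "X-OpenID-Identifier"  # hypothetical name; the post does not define one

# Browser side: the user's whitelist (constructed sample, hosts taken from the post).
WHITELIST = {"foobarsite.com": "https://xyz.myopenid.com/"}

def browser_hint_headers(request_url, whitelist=WHITELIST):
    """Step 2: attach the hint only when the request host matches an entry exactly.
    No suffix or substring matching, so look-alike hosts never learn the identifier."""
    host = (urlsplit(request_url).hostname or "").lower()
    identifier = whitelist.get(host)
    return {HINT_HEADER: identifier} if identifier else {}

def normalize_identifier(value):
    """RP side: the header is untrusted input; accept only a plain http(s) URL."""
    if not value or len(value) > 255 or any(c in value for c in "\r\n \t"):
        return None
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname or parts.username:
        return None
    return value

def rp_auto_login_redirect(headers, has_session, op_endpoint, realm, return_to):
    """Step 3: return a checkid_immediate redirect URL, or None to serve the page normally.
    op_endpoint is assumed to be the result of discovery on the identifier."""
    if has_session:
        return None  # a valid session already exists, nothing to start
    identifier = normalize_identifier(headers.get(HINT_HEADER))
    if identifier is None:
        return None
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_immediate",  # provider answers without user interaction
        "openid.claimed_id": identifier,
        "openid.identity": identifier,
        "openid.realm": realm,
        "openid.return_to": return_to,
    }
    return op_endpoint + "?" + urlencode(params)
```

The header is only a hint about which identifier to try: the RP still has to verify the provider's signed response as in any OpenID login, and a negative answer to the immediate request means falling back to the normal login page.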