[OpenID] Using OpenID to authenticate at a 3rd party service

Chris Richard chris.richard at gmail.com
Mon Feb 12 19:15:30 UTC 2007


Yea, I came across your OpenID Exchange spec soon after I sent that e-mail.
Very cool.

Assuming I make it far enough, this is exactly what I'll use. Likely I'll
use an Exchange request to set up a session over which various requests can
be made.

Oh, I tried using your Blog Post/Personality Test example but it kept
failing when attempting to post to the blog from the test...

Thanks,

Chris


On 2/12/07, Martin Atkins <mart at degeneration.co.uk> wrote:
>
> Chris Richard wrote:
> > I want to expose a web service that relying parties can use on behalf
> > of users and I'd like to use OpenID to authenticate users at this
> > service.
> >
> > I'd like to add the service (a new service type) to the user's XRDS
> > (which already contains an OpenID service) and now the relying party can
> > find both services it needs. But what should the communication look like
> > between these four parties (the user agent, relying party, OpenID
> > service, my web service)? Does the relying party need to authenticate
> > the user with OpenID first and then forward the user through my service
> > where the user is again authenticated and eventually sent back to the
> > relying party?
> >
>
> This is the sort of thing that I envisaged OpenID Exchange (whose name
> will probably change if it's ever published as a spec) would be useful
> for:
>     <http://openid.net/wiki/index.php/OpenID_Exchange_1.0>
>
> To answer your question in the context of OpenID Exchange, the relying
> party can optionally authenticate the user, but ultimately it is most
> important that the target service authenticates the user.
>
> I think in most cases either the RP will already know the identity of
> the remote user or they won't care at all. If it's desired, both the RP
> and the service can authenticate the user as part of the process, but of
> course that leads to the sub-optimal situation where the user could get
> prompted to approve a site twice, which is likely to cause confusion.
>
> Sadly I've not had much time recently to work on a prototype
> implementation of this beyond my simple demo.