[OpenID] thoughts on a consumer driven idp affiliate program
S. Sriram
ssriram at gmail.com
Tue Jan 9 17:42:11 UTC 2007
From: "Lukas Rosenstock" <inbox at lukasrosenstock.net>
>
>> So, a consumer that receives a request from an idp affiliate where the
>> HTTP_REFERRER is from an ourservice.com domain and the
>> request is of the type
>> http://ourservice.schtuff.com?caller_id=http://www.ourservice.com/users/john
>> could automatically do the needful.
>
> This could do the work.
> Currently there is already an agreement to set the name property of the
> login textbox to "openid_url". This agreement can be extended. My
> suggestion:
>
To clarify my earlier comments:
For _auto-fill_ this currently already works for the 'login page' of a given
RP - click the following link to see it in action
http://www.schtuff.com/?action=login&openid_url=http://autofill.myopenid.here
However for _auto-access_, there needs to be intervention if the user is
to be saved the 'login click' and authentication dance.
In cases where the referrer is the idp, than the authentication dance
becomes
redundant. So, a mechanism by which an RP could allow auto-access to
calls made from a whitelisted idp with a caller_id passed in the url would
make it that much smoother for the end-user. In the schtuff example, the
user
would automatically be logged-in and in position to make edits if they were
to be _referred_ from a whitelisted idp. The call might be
http://whitlisted_idp.schtuff.com?caller_id=http:/www.whitelisted_idp.com/user/john
Hope that clarifies
S. Sriram
More information about the general
mailing list