[OpenID] thoughts on a consumer driven idp affiliate program

Lukas Rosenstock inbox at lukasrosenstock.net
Tue Jan 9 19:01:43 UTC 2007

S. Sriram schrieb:
> For _auto-fill_ this currently already works for the 'login page' of a given
> RP - click the following link to see it in action
> http://www.schtuff.com/?action=login&openid_url=http://autofill.myopenid.here
It works for schtuff but not for any site.
> However for _auto-access_, there needs to be intervention if the user is
> to be saved the 'login click' and authentication dance.
Again, if you know exactly what this RPs URLs are, you can copy the 
login form and start the login process from your site, too.
Okay, I got that idea, however:
- Some users turn referers off.
- Who manages the white lists?

And also, als Martin Atkins said, you don't necessarily want autologin 
and using a POST would be better. Maybe we could include accepting 
openid_url (or openid_identifier, why was that changed?) as query 
parameter for autofill as a recommendation in the spec and leave an 
autologin up to the sites - maybe some "standard" evolves throughout time.

More information about the general mailing list