[OpenID] thoughts on a consumer driven idp affiliate program

Lukas Rosenstock inbox at lukasrosenstock.net
Tue Jan 9 19:01:43 UTC 2007


S. Sriram schrieb:
> For _auto-fill_ this currently already works for the 'login page' of a given
> RP - click the following link to see it in action
> http://www.schtuff.com/?action=login&openid_url=http://autofill.myopenid.here
>   
It works for schtuff but not for any site.
> However for _auto-access_, there needs to be intervention if the user is
> to be saved the 'login click' and authentication dance.
>   
Again, if you know exactly what this RPs URLs are, you can copy the 
login form and start the login process from your site, too.
Okay, I got that idea, however:
- Some users turn referers off.
- Who manages the white lists?

And also, als Martin Atkins said, you don't necessarily want autologin 
and using a POST would be better. Maybe we could include accepting 
openid_url (or openid_identifier, why was that changed?) as query 
parameter for autofill as a recommendation in the spec and leave an 
autologin up to the sites - maybe some "standard" evolves throughout time.




More information about the general mailing list