[OpenID] OpenID Exchange

John Panzer jpanzer at aol.net
Tue Jan 16 17:10:52 UTC 2007

Martin Atkins wrote:

>Simon Willison wrote:
>>On 15 Jan 2007, at 08:08, Martin Atkins wrote:
>>>OpenID Exchange[1] is a protocol for doing arbitrary HTTP requests
>>>between two sites where the caller acts on behalf of the user and the
>>>user gives that caller a one-time permission to perform the action.
>>So it's basically a spec for doing with OpenID the kind of things  
>>that Flickr's authentication API does? i.e. a mechanism for letting a  
>>third party application make API calls on your behalf without having  
>>to give them your full authentication details?
>After having a quick look at that I'd say yes, it is very similar.
>They could in theory implement their "login link" thing over OpenID 
>Exchange, and then proceed as normal with the returned "frob".
>However, I'm more interested in generic, multi-platform APIs that allow 
>a loosely-coupled client and server, however. The "Post to my Weblog" 
>service is intended so that in theory any random site can post to any 
>random weblog — regardless of weblog platform[1] — without needing any 
>pre-existing relationship nor any of this "API Key" nonsense.
I'm very interested in this topic.  There are lots of interesting issues 
that come up when you want to allow intermediaries as well (clients 
which talk to servers which are themselves clients... all of whom need 
to have some end user identity information).

I can't find the reference for OpenID Exchange, though -- is there

>[1] Of course, the weblog platform will need to implement the "Post to 
>my weblog" protocol!
There is such a protocol, which currently relies on HTTP authentication 
schemes because there's nothing both open and standard sitting out there 
to use:


Perhaps this is simply a matter of filling in the gaps?

(Disclosure: I contribute to the Atom WG.)


Abstractioneer <http://feeds.feedburner.com/aol/SzHO>John Panzer
System Architect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070116/3e12d172/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SzHO.gif
Type: image/gif
Size: 7818 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070116/3e12d172/attachment-0002.gif>

More information about the general mailing list