[OpenID] You must sign in to authenticate to http://*.openid.net/ as as http://homepw.myopenid.com/.
Peter Williams
pwilliams at rapattoni.com
Sun Jul 15 21:23:13 UTC 2007
Does anyone know of a site -- on the lines of the wiki and the myopenid.com IDP -- that represents a showcase for consumers to specifically exploit the UCI property of OpenID?
Ideally that site will not simply be: here is an editor to set your html markup, Grandma. It will feature a UI concept that presents Grandma with a designer-GUI that accomplishes the goal with some appropriate UI metaphor and site design fit for consumers to both set up their UCI and understand what the portability benefit brings them. For example, the benefit could be expressed as: here is an easy means to shift your UCI to our sister IDP, at site B.
The background for the request is given in the memo's appendix.
Thanks,
Peter.
-----------------------------
"You must sign in to authenticate to http://*.openid.net/ as as http://homepw.myopenid.com/. "
I'm setting up a public experiment to see what the OpenID model service sites actually deliver to consumers, given the above tag line from the MyOpenID portal.
The experiment will focus on answering the questions:
(a) "which SSL client certs may I use", and
(b) "where does webSSO get me, once I sign in at an OpenID IDP".
The first question investigates if there are any SSL trust model assumptions within the OpenID movement ("sign-in").
The second question probes how authenticated name services used within the OpenID scheme shall control access to remote resources using the wildcard markup ("*.openid.net").
If we draw up the experimental plan, one can outline the usual elements of:-
OBJECTIVE: attempt to do OpenID Auth-based webSSO to the community's premier wiki so as to participate in some but not all of the access-controlled collaborative forums @openid.net.
GOAL: complete logon using the model OpenID IDP service portal @myopenid.com
MEANS & RESOURCES: use my pre-registered homepw OP identity, and my CAcert certificate to sign in to the IDP via SSL3's client auth mechanism.
OPTIONAL OBJECTIVE: demonstrate portability of homepw.openid.com to another OP. Or, if that's an inappropriate objective, demonstrate portability of a UCI-class OP that is first resolved using urn:homepw.openid.com
This project plan should enable several conclusions to be drawn, representing several reasoned research results:-
(1) demonstrate or prove whether the trust models of the model OP Provider site's use of SSL client auth are in practice (a) in the hands of those controlling the UCIs, or (b) in the hands of the OP Provider
(2) demonstrate or prove the feasibility of UCI portability between providers, in an OpenID 1.1 complying world
(3) demonstrate or prove that UCI portability is actually independent of PKI trust models.
I need some help. I think the component I'm missing in my apparatus is an OpenID-friendly blogging or personal-page hosting site that allows me, using suitable consumer tools, to set my HTML tags - so the portability objectives of the experiment can be addressed.
Does anyone know of a site -- on the lines of the wiki and the myopenid.com IDP -- that represents a showcase for consumers to specifically exploit the UCI property of OpenID?
Ideally that site will not simply be: here is an editor to set your html markup, Grandma. It will feature a UI concept that presents Grandma with a designer-GUI that accomplishes the goal with some appropriate UI metaphor and site design fit for consumers to both set up their UCI and understand what the portability benefit brings them. For example, the benefit could be expressed as: here is an easy means to shift your UCI to our sister IDP, at site B.
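
The "HTML tags" that carry the portability objective, shown as an added example that is not part of the original message: in OpenID 1.1 HTML-based discovery a relying party reads `openid.server` and `openid.delegate` link relations from the `<head>` of the identifier page, so moving to another OP means editing two tags while the identifier stays fixed. All hostnames and the `discover` and `identity_page` helpers are constructed for illustration.

```python
from html.parser import HTMLParser

RELS = ("openid.server", "openid.delegate")  # OpenID 1.1 link relations

class HeadLinks(HTMLParser):
    """Collect OpenID 1.1 <link> relations, honouring only those in <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS and a.get("href"):
                    self.found.setdefault(rel, a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """What a relying party learns from the HTML served at claimed_id."""
    parser = HeadLinks()
    parser.feed(html)
    server = parser.found.get("openid.server")
    if server is None:
        return None  # no OP advertised: not usable as an OpenID 1.1 identity
    return {"claimed_id": claimed_id,
            "op_endpoint": server,
            # without a delegate tag the OP is asked about the URL itself
            "op_local_id": parser.found.get("openid.delegate", claimed_id)}

def identity_page(server, delegate):
    """Constructed sample page; a real one is whatever the host lets you edit."""
    return ('<html><head><title>homepw</title>'
            f'<link rel="openid.server" href="{server}">'
            f'<link rel="openid.delegate" href="{delegate}">'
            '</head><body>hello</body></html>')

UCI = "http://pages.example/homepw"  # constructed user-controlled identifier
AT_OP_A = identity_page("https://op-a.example/server", "http://homepw.op-a.example/")
AT_OP_B = identity_page("https://op-b.example/server", "http://homepw.op-b.example/")

if __name__ == "__main__":
    for html in (AT_OP_A, AT_OP_B):
        print(discover(UCI, html))
```

Whoever can edit the `<head>` of the identifier page decides which OP vouches for it, which is why the parser ignores link tags that appear in the page body.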