[OpenID] Recycling OpenIDs (Was: What's broken in OpenID 2.0? (IIW session))
Stuart Bishop
stuart at stuartbishop.net
Thu Jun 14 10:07:42 UTC 2007
Chris Drake wrote:
> Hi Stuart,
>
> SB> OpenID 1.1 with directed identity fulfils all of our existing use cases.
>
> Can you give us an idea of what these use cases are?

Single sign-on capability for our growing number of services, including
systems written and/or run by third parties.

Our target audience is Open Source developers and users at all levels, so
many of them are already signed up with other OPs. However *all* our users
have to use the authentication system so we have to ensure that it is usable
for the bulk of them who may not be particularly adept or who can only read
basic English (and in the future, no English at all).

We have a large, vibrant and enthusiastic community around our products.
Many of these community members want to hook into our systems. Sharing the
single sign-on system improves the user experience, increases the sense of
community and speeds adoption of those community-run systems. We also will
expose some public metadata about our users, but it doesn't really matter
if that is done by Yadis, OpenID core or the existing FOAF XML exports and
RDF feeds. Validating claims about identity might be useful but I don't
think we have any hard use cases for it yet.

(At least one of these systems will remain hard-coded to use our OP and its
directed auth extension for business and UI reasons, but I expect the
remainder of our systems and most of the community systems will end up being
generic RPs as long as that is considered a net gain.)

We need to enhance existing Open Source products to integrate with our
single sign-on system. OpenID is an open standard allowing us to release
these changes back to the community, which we like doing for numerous reasons.

When people sign up to our systems using a 3rd party OP, it would enhance
the user experience if that OP sent us metadata about the user so they
don't have to re-enter it (sreg stuff).

I imagine the login forms on our systems will allow entry of email address
or nickname to log in using the local OP, or a URL for OpenID
authentication. Thankfully I think the XRI namespaces do not conflict with
the namespace our nicknames occupy so I think it will remain clean if we
choose to support it in the future.

(Sorry if I'm being vague, but I don't think we are ready to publicise
details yet.)

--
Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
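
The login-form dispatch described in the message above, as an added example that is not part of the original post or of any project's code. The XRI and URL steps follow the normalization rules in OpenID Authentication 2.0 section 7.2; the nickname and e-mail patterns and both function names are assumptions made for illustration.

```python
import re

# XRI global context symbols, per OpenID Authentication 2.0 section 7.2.
XRI_GCS = "=@+$!"
# Assumption: nicknames are lowercase letters, digits and "-", starting with a
# letter or digit. The post does not give the real nickname rules.
NICKNAME_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,31}")
# Deliberately loose e-mail shape check (assumption, not a full validator).
EMAIL_RE = re.compile(r"[^@\s/]+@[^@\s/]+\.[^@\s/]+")


def classify_login(raw):
    """Return (kind, normalized); kind is xri, email, nickname or url."""
    value = raw.strip()
    # Step 1: strip an explicit xri:// prefix.
    if value.lower().startswith("xri://"):
        value = value[len("xri://"):]
    if not value:
        raise ValueError("empty identifier")
    # Step 2: a leading global context symbol or "(" marks an XRI.
    if value[0] in XRI_GCS or value[0] == "(":
        return "xri", value
    # Local accounts are tested before the URL fallback, otherwise the
    # nickname "stub" would be sent to discovery as http://stub.
    if EMAIL_RE.fullmatch(value):
        return "email", value
    if NICKNAME_RE.fullmatch(value.lower()):
        return "nickname", value.lower()
    # Step 3: anything else is a URL; default the scheme, drop the fragment.
    if not re.match(r"https?://", value, re.IGNORECASE):
        value = "http://" + value
    return "url", value.split("#", 1)[0]


def nickname_can_shadow_xri(pattern=NICKNAME_RE):
    """Probe: does the pattern accept a sample name that starts with an
    XRI global context symbol or "(" and would therefore parse as an XRI?"""
    return any(pattern.fullmatch(c + "abc") for c in XRI_GCS + "(")
```

An e-mail address whose local part begins with one of the XRI symbols (for example `+tag@...`) is classified as an XRI by step 2, so a deployment accepting both would have to decide that case explicitly.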