[OpenID] The "keep context" problem
Peter Williams
pwilliams at rapattoni.com
Thu Jun 14 23:41:52 UTC 2007
There are 2500 openid sites, it's been alleged.
Which one allows a user to authenticate to an op provider's backend session manager (using a self-signed but recognized https cert with the user's hxri url id in the uri name-field, say), then just sso seamlessly in to a particular, *deep* landing page on the site of the op consumer?
I have a need for that. Our portal keeps several links for each user. They just want to click on one of several such "http get links", and it arrives at a particular editable topic in their wiki, a blog topic, etc.
If, on trying to land there, the consuming openid agent happens to almost invisibly revisit the op provider (or also pull an xrd) that's fine.
-----Original Message-----
From: "=drummond.reed" <drummond.reed at cordance.net>
To: "'openid-general'" <general at openid.net>
Sent: 6/14/07 2:16 PM
Subject: [OpenID] The "keep context" problem
Has anyone else had this same experience?
1) You follow a link or navigate to a page on an OpenID-enabled wiki page
that you realize you need to edit.
2) You click the Edit button/tab/link and it presents an OpenID login box
saying you have to login first.
3) You enter your OpenID and successfully authenticate via your OP.
4) The site returns a vanilla "login successful" page with a big smiley face
saying welcome to the site!
But you're not wearing a big smiley face because your original context is
completely lost. The "convenience" of being able to use an OpenID login
means you now have to go back to the home page of the site and navigate back
to the page you want to edit -- which you may not even know if you followed
an external link to that page!
More than once this has made me think, "Hmmm. If I'd just used my Firefox
password manager, the site would have remembered my context before I had to
login and I wouldn't have to find the page I need all over again."
Not good for OpenID.
So, two questions:
1) Does the OpenID authentication protocol have a way for the RP to keep
context after the authentication?
2) If so, why aren't RPs using it? (I have yet to use an OpenID-enabled wiki
that kept your context pre- and post-login.)
=Drummond
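An added example, not part of either message in this thread: one way an RP could keep the pre-login page across the OP round trip is to carry it as a query parameter on the `openid.return_to` URL, which the OP sends the browser back to with its `openid.*` parameters appended. The RP origin, callback path, parameter names (`next`, `sig`), key and function names are all assumptions made for the illustration; the landing path is HMAC-signed and limited to same-site paths so the parameter cannot be used as an open redirect.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

RP_BASE = "https://wiki.example.org"   # constructed RP origin (assumption)
RETURN_PATH = "/openid/return"         # hypothetical RP callback endpoint
SECRET = b"constructed-demo-key"       # placeholder; a real RP uses a private random key
HOME = "/"                             # fallback landing page


def _mac(path: str) -> str:
    """HMAC over the landing path so the RP can tell it issued this value."""
    return hmac.new(SECRET, path.encode(), hashlib.sha256).hexdigest()


def is_safe_local_path(path: str) -> bool:
    """Accept only same-site absolute paths (no scheme, host, '//' or '\\')."""
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return False
    if any(ord(c) < 0x20 for c in path):   # control characters browsers may strip
        return False
    parts = urlsplit(path)
    return parts.scheme == "" and parts.netloc == ""


def build_return_to(requested_path: str) -> str:
    """Value for openid.return_to that remembers the page the user asked for."""
    if not is_safe_local_path(requested_path):
        requested_path = HOME
    query = urlencode({"next": requested_path, "sig": _mac(requested_path)})
    return f"{RP_BASE}{RETURN_PATH}?{query}"


def landing_after_login(returned_url: str) -> str:
    """Pick the redirect target; call only after the OP's assertion is verified."""
    params = parse_qs(urlsplit(returned_url).query)
    path = params.get("next", [HOME])[0]
    sig = params.get("sig", [""])[0]
    if is_safe_local_path(path) and hmac.compare_digest(
        sig.encode(), _mac(path).encode()
    ):
        return path
    return HOME   # missing, tampered or off-site value: fall back to the home page
```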