[OpenID] The "keep context" problem
Chris Drake
christopher at pobox.com
Mon Jun 25 05:21:03 UTC 2007
Friday, June 15, 2007, 10:11:04 AM, you wrote:
JE> I have an additional complaint: the number of clicks in this scenario
JE> is simply way too many, in particular if I have been at that Wiki
JE> before and authenticated before.
I think this thread subsequently jumped ahead trying to solve the
wrong problem. I think this *is* a problem with OpenID, because the
"Single Sign On" mechanism is not working the way it should (ie:
"Single").
What *should* happen, is you sign on a SINGLE time, and thereafter,
wherever you visit*, you're automatically signed-on.
In this example, when you click to edit the page, you can immediately
edit the page, and none of the authentication stuff is visible.
* "wherever" is user-defined in their IdP profile to be one of
"anywhere", "only places I've been to before and allowed", or
"nowhere"
I proposed a solution for this last year - if anyone's interested,
I'll re-iterate. In a nutshell, it requires RPs to publish endpoints
better ("reverse resolution") so that scripts and browser agents can
accomplish the "Single" bit of "SSO" automatically.
Chris.
JE> (I think your comments, as are mine, are largely directed towards the
JE> MediaWiki / OpenID integration that runs on OpenID.net. One can do it
JE> differently, as many other sites have done, including our own
JE> MediaWiki integration where context is always preserved.)
JE> On Jun 14, 2007, at 14:16, =drummond.reed wrote:
>> Has anyone else had this same experience?
>>
>> 1) You follow a link or navigate to a page on an OpenID-enabled wiki page
>> that you realize you need to edit.
>>
>> 2) You click the Edit button/tab/link and it presents an OpenID login box
>> saying you have to login first.
>>
>> 3) You enter your OpenID and successfully authenticate via your OP.
>>
>> 4) The site returns a vanilla "login successful" page with a big smiley face
>> saying welcome to the site!
>>
>> But you're not wearing a big smiley face because your original context is
>> completely lost. The "convenience" of being able to use an OpenID login
>> means you now have to go back to the home page of the site and navigate back
>> to the page you want to edit -- which you may not even know if you followed
>> an external link to that page!
>>
>> More than once this has made me think, "Hmmm. If I'd just used my Firefox
>> password manager, the site would have remembered my context before I had to
>> login and I wouldn't have to find the page I need all over again."
>>
>> Not good for OpenID.
>>
>> So, two questions:
>>
>> 1) Does the OpenID authentication protocol have a way for the RP to keep
>> context after the authentication?
>>
>> 2) If so, why aren't RPs using it? (I have yet to use an OpenID-enabled wiki
>> that kept your context pre- and post-login.)
>>
>> =Drummond
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general