[OpenID] The "keep context" problem
Martin Atkins
mart at degeneration.co.uk
Mon Jun 25 07:04:17 UTC 2007
Chris Drake wrote:
>
> I proposed a solution for this last year - if anyone's interested,
> I'll re-iterate. In a nutshell, it requires RPs to publish endpoints
> better ("reverse resolution") so that scripts and browser agents can
> accomplish the "Single" bit of "SSO" automatically.
>
For most purposes, it's sufficient for the RP to simply remember (e.g.
in a cookie) what the user last logged in as and attempt that
authentication quietly in the background when they next visit.

If they are still able to authenticate as that identifier, and they
selected "Yes; always" (or equivalent) then nothing needs to be entered
at all.

If they did not select "Yes; always", the login field can still be
pre-filled with the identifier so that the login process becomes merely:

* submit login form
* click "Yes; Just this time"

This is roughly the approach employed by Jyte, which I think is one of
the best RP implementations I've seen so far.
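
The flow described in the message above, sketched as an added example that is not part of the original post and not Jyte's code: the RP treats the cookie as an untrusted hint, tries OpenID's `checkid_immediate` mode in the background, and otherwise falls back to a pre-filled form. The cookie name, the function names and the `signature_ok` input (the outcome of the RP's usual assertion verification) are assumptions, and delegation is not handled.

```python
from urllib.parse import urlencode, urlsplit

COOKIE_NAME = "last_openid"  # hypothetical name for the hint cookie


def remembered_identifier(cookies):
    """Return the identifier hint from the cookie, or None if unusable.

    The cookie is client-controlled, so it is only a hint: accept http(s)
    URLs and nothing else before using it for a request or a form value.
    """
    value = cookies.get(COOKIE_NAME, "").strip()
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return value


def immediate_request_url(op_endpoint, identifier, return_to):
    """Build the background (no user interaction) authentication request."""
    params = {
        "openid.mode": "checkid_immediate",
        "openid.identity": identifier,
        "openid.return_to": return_to,
    }
    sep = "&" if "?" in op_endpoint else "?"
    return op_endpoint + sep + urlencode(params)


def next_step(cookies, response=None, signature_ok=False):
    """Return (action, prefill) for the current visit.

    response: the OP's reply parameters as a dict, or None before any attempt.
    signature_ok: result of the RP's normal assertion verification (assumed
    to exist elsewhere). Assumes no delegation, so openid.identity must equal
    the remembered identifier.
    """
    identifier = remembered_identifier(cookies)
    if identifier is None:
        return ("show_form", "")
    if response is None:
        return ("try_immediate", identifier)
    positive = (response.get("openid.mode") == "id_res"
                and "openid.user_setup_url" not in response)
    if positive and signature_ok and response.get("openid.identity") == identifier:
        return ("logged_in", identifier)
    # Anything else (setup needed, cancel, bad signature): fall back to the
    # login form with the identifier pre-filled.
    return ("show_form", identifier)
```

The cookie never logs anyone in by itself; only a verified positive assertion for the same identifier does.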