[OpenID] OpenID for desktop network clients

Gabe Wachob gabe.wachob at amsoft.net
Wed Mar 21 02:40:46 UTC 2007


I think your missing the point here.

I'm authenticating to a service on the network,that happens to have a client
on my desktop which is not a browser.

That service is not in an enterprise - again, think IM clients (other than
the MS one). I *want* to be identified with my OpenID, I *want* others to
know me on that service by my OpenID.

I don't see how SASL and Active Directory or OSX keychain are even relevant
here. 

	-Gabe

> -----Original Message-----
> From: Troy Benjegerdes [mailto:hozer at hozed.org]
> Sent: Tuesday, March 20, 2007 7:18 PM
> To: Gabe Wachob
> Cc: general at openid.net
> Subject: Re: [OpenID] OpenID for desktop network clients
> 
> On Tue, Mar 20, 2007 at 06:36:26PM -0700, Gabe Wachob wrote:
> > I blogged an idea that I implemented to allow a user to authenticate to
> a
> > desktop client for a "network app" (think  of an IM client) - the idea
> is to
> > present an openid to a desktop client and then have it, in concert with
> the
> > server-side component of the app, use normal OpenID authentication
> through
> > the user's browser to authenticate the user to both the server side and
> to
> > the desktop client:
> >
> >
> >
> > http://blog.wachob.com/2007/03/openid_for_desk.html
> >
> >
> >
> > I have a basic implementation - looking for holes in the idea. Probably
> not
> > a novel idea, but I didn't recall seeing any write-up or implementation
> of
> > this anywhere.
> 
> 
> I guess I don't understand why you'd want to do this.... OpenID seems
> very http-centric, and if you are talking about desktop apps, you would
> be better served by something like SASL, or the kind of stuff that
> happens under the hood in an MS active directory domain with Kerberos.
> 
> What I like is having several computers that can all authenticate to a
> kerberos server and get access to my files and home directory.. this
> covers the desktop side. What's missing for me is being able to
> automagically be logged into my openid server once I am logged into my
> desktop environment.
> 
> Or let's take the case of a mac user.. They log into their macbook,
> which unlocks the OSX Keychain, which handles most OSX applications
> nicely. The keychain should then know something about coordinating with
> the browser to be able to auto-fill in openid web forms.
> 
> I guess the point I'm trying to make is that while you want an
> integrated single sign-on environment that openid is part of, extending
> it to the desktop seems like putting a square peg in a round hole,
> especially since there are so many other solutions on the desktop.




More information about the general mailing list