[OpenID] Using OpenID outside of the browser
David Fuelling
sappenin at gmail.com
Wed May 2 03:56:34 UTC 2007
Chris,
Is there anyway you elaborate on your protocol in pseudo-code before you
actually release the formalized version? I'm curious to know what direction
you are headed in.
Thanks!
david
On 5/1/07, Chris Messina <chris.messina at gmail.com> wrote:
>
> I do want to just shout out that we've been working on a solution for
> this for Twitter and Ma.gnolia. To describe the problem more acutely:
>
> * Let's say you login into Ma.gnolia with an OpenID. This creates an
> account for you on Ma.gnolia keyed to your OpenID URL.
> * Next, you download the Ma.gnolia desktop widget and attempt to
> login. It requires a username and password, which you don't have,
> since you logged in with OpenID.
> * At this point, Ma.gnolia could either assign a unique username and
> password to you, which would defeat the purpose, or we could do
> something like Flickr does with FlickAuth.
> * This situation also holds for remote web services that want to make
> use of protected Ma.gnolia user data that requires authentication for
> access.
>
> I believe that Gabe's solution has this situation in mind, though it
> requires running a local server, which, in our use case, is not
> acceptable.
>
> In the meantime, we've developed an alternative,
> authentication-neutral protocol for handling this situation that will
> work with OpenID (our preferred method) or any other authentication
> protocol.
>
> We have a prototype and code to perform this action right now, but it
> needs more work before we're ready to release it.
>
> I just wanted to alert folks to the fact that some folks are attacking
> this problem and offering details on our approach.
>
> Chris
>
>
> On 5/1/07, Martin Atkins <mart at degeneration.co.uk> wrote:
> > Brendan Taylor wrote:
> > >
> > > When I get some time I intend to describe this idea more concretely
> and
> > > implement it. I don't want it to get in the way of SRP adoption,
> though.
> > >
> >
> > I wouldn't worry too much about the Signature Request Protocol. I think
> > I'm the only one who cares about it right now. :)
> >
> > I'd much sooner see a solution get out there, even if it's just a quick
> > hack that gets the job done. There are several apps that could
> > potentially use this that I'd love to see use OpenID rather than Yet
> > Another Password.
> >
> >
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
>
>
> --
> Chris Messina
> Citizen Provocateur &
> Open Source Ambassador-at-Large
> Work: http://citizenagency.com
> Blog: http://factoryjoe.com/blog
> Cell: 412 225-1051
> Skype: factoryjoe
> This email is: [ ] bloggable [X] ask first [ ] private
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070501/0deb41c8/attachment-0001.htm>
More information about the general
mailing list