[OpenID] Using OpenID outside of the browser
Chris Messina
chris.messina at gmail.com
Fri May 4 22:36:09 UTC 2007
Anyone who wants to hack on OpenOpenAuth should come to SHDH this
weekend in Los Gatos:
http://factoryjoe.com/blog/2007/05/03/cinco-de-devhouse/
We'll probably be in IRC on freenode.net in #SHDH as well. Personally,
I'm reall gunning to get details out about our progress ASAP.
Chris
On 5/1/07, David Fuelling <sappenin at gmail.com> wrote:
> Chris,
>
> Is there anyway you elaborate on your protocol in pseudo-code before you
> actually release the formalized version? I'm curious to know what direction
> you are headed in.
>
> Thanks!
>
> david
>
> On 5/1/07, Chris Messina <chris.messina at gmail.com> wrote:
> >
> > I do want to just shout out that we've been working on a solution for
> > this for Twitter and Ma.gnolia. To describe the problem more acutely:
> >
> > * Let's say you login into Ma.gnolia with an OpenID. This creates an
> > account for you on Ma.gnolia keyed to your OpenID URL.
> > * Next, you download the Ma.gnolia desktop widget and attempt to
> > login. It requires a username and password, which you don't have,
> > since you logged in with OpenID.
> > * At this point, Ma.gnolia could either assign a unique username and
> > password to you, which would defeat the purpose, or we could do
> > something like Flickr does with FlickAuth.
> > * This situation also holds for remote web services that want to make
> > use of protected Ma.gnolia user data that requires authentication for
> > access.
> >
> > I believe that Gabe's solution has this situation in mind, though it
> > requires running a local server, which, in our use case, is not
> > acceptable.
> >
> > In the meantime, we've developed an alternative,
> > authentication-neutral protocol for handling this situation that will
> > work with OpenID (our preferred method) or any other authentication
> > protocol.
> >
> > We have a prototype and code to perform this action right now, but it
> > needs more work before we're ready to release it.
> >
> > I just wanted to alert folks to the fact that some folks are attacking
> > this problem and offering details on our approach.
> >
> > Chris
> >
> >
> > On 5/1/07, Martin Atkins <mart at degeneration.co.uk> wrote:
> > > Brendan Taylor wrote:
> > > >
> > > > When I get some time I intend to describe this idea more concretely
> > and
> > > > implement it. I don't want it to get in the way of SRP adoption,
> > though.
> > > >
> > >
> > > I wouldn't worry too much about the Signature Request Protocol. I think
> > > I'm the only one who cares about it right now. :)
> > >
> > > I'd much sooner see a solution get out there, even if it's just a quick
> > > hack that gets the job done. There are several apps that could
> > > potentially use this that I'd love to see use OpenID rather than Yet
> > > Another Password.
> > >
> > >
> > >
> > > _______________________________________________
> > > general mailing list
> > > general at openid.net
> > > http://openid.net/mailman/listinfo/general
> > >
> >
> >
> > --
> > Chris Messina
> > Citizen Provocateur &
> > Open Source Ambassador-at-Large
> > Work: http://citizenagency.com
> > Blog: http://factoryjoe.com/blog
> > Cell: 412 225-1051
> > Skype: factoryjoe
> > This email is: [ ] bloggable [X] ask first [ ] private
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
>
--
Chris Messina
Citizen Provocateur &
Open Source Ambassador-at-Large
Work: http://citizenagency.com
Blog: http://factoryjoe.com/blog
Cell: 412 225-1051
Skype: factoryjoe
This email is: [ ] bloggable [X] ask first [ ] private
More information about the general
mailing list