[OpenID] Developer Preview: Identity in the browser - IDIB ...
George Fletcher
gffletch at aol.com
Fri Aug 8 13:32:00 UTC 2008
Steven Osborn wrote:
> Right now IDIB tries to discover the XRDS location via GET in both the
> http X-XRDS-Location header and http-equiv. If it discovers an XRDS
> document that advertises IDIB support it asks the user to login. So
> IDIB requires the RP to implicitly include XRDS location information on
> any page they wish the user to be prompted from. I'm happy to talk
> about ways to improve this behavior.
>
Thanks for the clarification. As Eric pointed out, this is similar to
how InfoCards work, and I think a great model. The web site is passively
defining its capabilities, and the "identity agent" of the user is
determining the best way to leverage that information on the user's behalf.
> I'm assuming when you say 'New User' you mean someone who hasn't used
> OpenID before. In which case we can determine if a user has used IDIB
> to login before without the need for any type of XRDS discovery. It
> would be possible if the user had not specified their OpenID to present
> something similar to the OpenID selector in the browser, but I'm not
> sure if that is the best solution or not.
>
> We would have to message to the user that they _might_ have an OpenID
> already and list some places they may already have an OpenID with
> (Yahoo, AOL, MySpace) but unfortunately when you start talking about
> doing that it becomes a bit political/legal.
>
True. There is a bootstrap process that needs to be defined. I like the
idea of using EAUT (as mentioned below) during a "first use" experience.
Something along the lines of... the plugin stays dormant until it
detects a site that supports IDIB. Then when it "wakes up" it looks to
see if it already has one or more OpenIDs saved. If there are no OpenIDs
saved, it starts a "first use" flow that asks the user for either their
OpenID or their email address. If that email address does not result in
an OpenID, then maybe ask the user if they have a different email
address they'd like to try. [Hopefully in the near future, the coverage
will be close to 100%.] Once an OpenID is found, the process can
continue as spec'd.
> A possible solution would be to ask the user for an OpenID OR email
> address. This way if they are not familiar with OpenID they can login
> via EAUT. (http://eaut.org/) This may alleviate some of the new user
> hurdles since everyone will at the very least know what their email
> address is.
>
> --
> Steven Osborn
> Founding Developer
> Vidoop LLC
>
> George Fletcher wrote:
>
>> Just to make sure I understand...
>>
>> Along with the XRDS types defined on the wiki, does the RP just have
>> to return the X-XRDS-Location header to point to the XRDS file? If
>> so, is the RP expected to return the X-XRDS-Location header even if an
>> explicit XRDS query had not been made?
>>
>> The reason I ask, is that I can see a mode for this plugin that is
>> proactive (e.g. the "New User" experience). This mode would do more
>> than just add a subtle tool bar but instead would open a dialog window
>> that says... "BTW, you have an identity that will allow you to log
>> into this site. Do you want to continue?" (proper UI wording of course).
>>
>> One of the biggest hurdles I see is not that people who know about
>> OpenID want an easier way to login... but rather that we want people
>> who don't even know they have an OpenID to be informed of that fact
>> and the benefits it provides.
>>
>> Thanks,
>> George
>>
>> Scott Kveton wrote:
>>
>>> The Identity in the Browser (IDIB for short) project has launched over
>>> on Google Code today:
>>>
>>> http://idib.googlecode.com
>>>
>>> The goal of this project is to produce an open source extension to
>>> Firefox that helps with usability problems and addresses several
>>> security vulnerabilities around OpenID. Ideally this is the start of
>>> making sense of what identity in the browser would look like. In the
>>> future, this could be the basis for integrated support in all modern
>>> browsers if the project goes well.
>>>
>>> A couple of key points:
>>>
>>> * This is still very rough and not meant for general users yet
>>>
>>> * The work may lead to extensions to the OpenID protocol that may take
>>> shape in the form of specifications - more information can be found on
>>> the project page wiki:
>>>
>>> http://code.google.com/p/idib/w/list
>>>
>>> * The discussion about IDIB is happening on the mailing list here:
>>>
>>> http://groups.google.com/group/idib
>>>
>>> Hope to see you there!
>>>
>>> - Scott
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>>
>>>
>
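
The discovery step described in this thread (X-XRDS-Location header first, then the http-equiv form, then a check that the XRDS document advertises IDIB support), as an added example that is not IDIB's own code. `IDIB_TYPE` is a placeholder because the real type URIs are on the project wiki and not in this thread, `fetch` is an injected callable so the example runs offline, and the https-only rule and DOCTYPE rejection are assumed hardening choices that the thread does not state.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import xml.etree.ElementTree as ET

# Placeholder: the real IDIB service types live on the project wiki, not on this page.
IDIB_TYPE = "http://example.invalid/idib/placeholder-type"
XRD_TYPE_TAG = "{xri://$xrd*($v*2.0)}Type"  # <Type> element in the XRD namespace
# Constructed sample XRDS document advertising the placeholder type.
SAMPLE_XRDS = (
    '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">'
    '<XRD><Service><Type>%s</Type></Service></XRD></xrds:XRDS>' % IDIB_TYPE)

class _MetaFinder(HTMLParser):
    """Records the first <meta http-equiv="X-XRDS-Location" content="...">."""
    location = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if (tag == "meta" and self.location is None
                and (a.get("http-equiv") or "").lower() == "x-xrds-location"):
            self.location = a.get("content")

def find_xrds_location(page_url, headers, html):
    """Return the absolute XRDS URL a page advertises, or None."""
    loc = {k.lower(): v for k, v in headers.items()}.get("x-xrds-location")
    if not loc:  # no header: fall back to the http-equiv form
        finder = _MetaFinder()
        finder.feed(html)
        loc = finder.location
    if not loc:
        return None
    loc = urljoin(page_url, loc.strip())
    # Assumed policy: an https page must not point the agent at a plain-http XRDS.
    ok = ("https",) if urlsplit(page_url).scheme == "https" else ("http", "https")
    return loc if urlsplit(loc).scheme in ok else None

def advertises_idib(xrds_xml):
    """True if any XRD <Type> element in the document equals IDIB_TYPE."""
    if "<!doctype" in xrds_xml.lower():  # assumed hardening: no DTDs or entities
        return False
    try:
        root = ET.fromstring(xrds_xml)
    except ET.ParseError:
        return False
    return any((t.text or "").strip() == IDIB_TYPE for t in root.iter(XRD_TYPE_TAG))

def should_prompt(page_url, headers, html, fetch):
    loc = find_xrds_location(page_url, headers, html)
    return loc is not None and advertises_idib(fetch(loc))
```
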