[OpenID] Identity in the browser - IDIB

Andrew Arnott andrewarnott at gmail.com
Fri Aug 8 15:19:37 UTC 2008


I was very dissatisfied with Seatbelt because I couldn't figure out how to
add just any OP... some special Seatbelt configuration file "couldn't be
found" for them.  So I was stuck using Verisign's PIP provider.  When I put
in my delegate URL of "=arnott", it said I was being phished, probably
because the RP was directing me to the OP I actually wanted to use.

It seems to me that any extension doing this sort of thing (so consider this
a wishlist item for IDIB) should accept an XRI or URI that the user is
already using as his/her identifier, perform discovery on that, and read the
XRDS file and set up all the Providers automatically.

On Fri, Aug 8, 2008 at 7:14 AM, George Fletcher <gffletch at aol.com> wrote:

> There is one slight model difference between seatbelt and IDIB. In the
> seatbelt case, it only activates if the user navigates to the page that
> contains the OpenID login form (i.e. has a form element named
> openid_url). Also, it can only "log you in" from that same page (i.e. it
> has to use the OpenID form for authentication).
>
> In the case of IDIB, it (1) uses XRDS discovery so it is not restricted
> to the RP's login page and (2) uses a discovered well-known endpoint to
> start the authentication process (i.e. not tied to the OpenID login form).
>
> These differences provide a better user experience, because the user
> doesn't have to find the RP's login form and also because if they
> followed a deep link, they can still be authenticated and returned to
> that resource without having to bounce to the "login page".
>
> [Caveat: This is based on my knowledge of seatbelt when we integrated
> the AOL OpenID provider with the plugin. Please correct me if anything
> has changed.]
>
> Thanks,
> George
>
> Robert Mark White wrote:
> > Not to rain on anyone's parade but why not just use the program seatbelt
> > from verisign? I have been using it for months now it allows me to use
> > different openid's and it protects against phishing. Why reinvent the
> > wheel? All that has to happen is for the openid providers to add a
> > simple file to their website making their openid's work with seatbelt.
> > Sure it's proprietary and not "open source" but it allows any openid
> > provider to use it, and it works with FF 3.0 right now and has for many
> > months.
> >
> > Signed an interested nobody
> > Robert Mark White
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
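
The discovery step wished for in the message above (read the XRDS document for the user's identifier and set up its providers), as an added example that is not part of the original post and is not IDIB or Seatbelt code: it parses an already-fetched XRDS document and lists its OpenID 2.0 provider endpoints in priority order. The sample document and its hostnames are constructed, and refusing DTDs and non-https endpoints is this example's own assumed policy.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace used inside XRDS documents
OPENID2_TYPES = {"http://specs.openid.net/auth/2.0/signon",
                 "http://specs.openid.net/auth/2.0/server"}

def providers_from_xrds(xrds_text):
    """Return [(op_endpoint, local_id)] in priority order for OpenID 2.0 services."""
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("refusing XRDS that declares a DTD or entities")
    xrd_elements = ET.fromstring(xrds_text).findall(XRD + "XRD")
    if not xrd_elements:
        return []
    found = []
    # Yadis uses the last XRD element in the document.
    for svc in xrd_elements[-1].findall(XRD + "Service"):
        types = {(t.text or "").strip() for t in svc.findall(XRD + "Type")}
        if not types & OPENID2_TYPES:
            continue  # not an OpenID 2.0 service
        prio = svc.get("priority")
        rank = int(prio) if prio and prio.isdigit() else float("inf")  # no priority sorts last
        local_id = (svc.findtext(XRD + "LocalID") or "").strip() or None
        for uri in svc.findall(XRD + "URI"):
            endpoint = (uri.text or "").strip()
            # Assumed policy of this example: only https OP endpoints are configured.
            if urlsplit(endpoint).scheme == "https":
                found.append((rank, endpoint, local_id))
    found.sort(key=lambda item: item[0])  # stable sort: document order breaks ties
    return [(endpoint, local_id) for _, endpoint, local_id in found]

# Constructed sample XRDS; hostnames are placeholders, not real providers.
SAMPLE = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20"><Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op-backup.example/openid</URI></Service>
    <Service priority="10"><Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example/openid</URI>
      <LocalID>https://op.example/user/alice</LocalID></Service>
    <Service priority="5"><Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>http://plaintext-op.example/openid</URI></Service>
    <Service><Type>http://example.com/other</Type><URI>https://x.example/</URI></Service>
  </XRD>
</xrds:XRDS>"""

if __name__ == "__main__":
    for endpoint, local_id in providers_from_xrds(SAMPLE):
        print(endpoint, local_id)
```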