[OpenID] Quick question about the Yahoo buttons
Peter Williams
pwilliams at rapattoni.com
Tue Mar 4 19:59:30 UTC 2008
so what is the idea?
1. Every RP site accepting an OP will have a unique button 1 per OP (all 3000 of them)?
2. Or is the idea that certain OP will be proxies for 2999 other upstream OPs, acting as an OP broker that "adds value" (like evaulation)
(2) is what I did in my OP implementation(s). The OP engaging in RP discovery is first a proxy for a SAML IDP, which can itself chain according to SAML's chaining protocol. Depending on the SAML binding used, this may or may not be visible to the bowser. Then, any one of those SAML IDPs can be a proxy for an upstream OP, by initiating an openid auth protocol run. The cycle obviously goes on endlessly, with control signals terminating the chaining and referals.
Different partial orders can be used to decide what happens when multiple attribute authorities (both upstream and downstream) provide data values, in the same namespace, for AX and sreg.
From: Allen Tom
Sent: Tue 3/4/2008 11:21 AM
To: general at openid.net; max at artssalliancelabs.com
Cc: Martin Atkins
Subject: Re: [OpenID] Quick question about the Yahoo buttons
Hi Max,
Marin's answer is correct. Here are a few examples:
https://www.plaxo.com/signin?ntmp=1
https://pibb.com/signin
http://jyte.com/auth/login
http://www.wishlistr.com/login-openid/
http://twitterfeed.com/auth/login/
https://www.rateaustin.com/howdy/
Allen
Martin Atkins wrote:
Max Metral wrote:
I like the idea of having larger provider icons on my consumer site
because it helps people realize they can use OpenID even when they have
no idea what it is. But what confuses the daylights out of me is where
that button is supposed to go. Yahoo has this page to "grab a button"
with no actual information about where the hell the link should point:
http://developer.yahoo.com/openid/loginbuttons.html
Am I supposed to just point them at the existing OpenID form when they
click this or is there some more hand-holding process that Yahoo offers
given that their users have to enable their accounts? I realize there
is potentially some session negotiation that has to occur with my
server, just not sure how that's supposed to go and what URLs it would use.
My understanding is that your Yahoo! button should behave exactly as if
the user had entered "yahoo.com" into your normal OpenID login form and
submitted. It's really just a shorthand to save the user from typing
that in.
This will of course only work if you have an OpenID 2.0-capable relying
party, since Yahoo! supports only 2.0 and uses the 2.0 "directed
identity" feature to support the above.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080304/8e66aeb5/attachment-0001.htm>
More information about the general
mailing list