[OpenID] OpenID SREG best practice question
Breno de Medeiros
breno at google.com
Fri Nov 14 01:29:06 UTC 2008
On Thu, Nov 13, 2008 at 5:17 PM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
>>I like the idea of tracking when the data changes and doing something
>>special then. I'd love to see RPs only ask for SREG data when they need
>>it. However, this is increasingly difficult with directed identity as
>>the RP doesn't know who the user is until after authentication.
>
> The problem, then, is that RP's can only ask for the user's SREG data
> *during* authentication? And by the time it knows to ask for this
> data, the user has *already* authenticated, so it's too late?
>
> Ideally, there would be something like checkid_immediate for SREG;
> practically, the UX is still broken because it "logs in" the user and
> then says "Hold on one second, we need to send you back to your OP
> again." - effectively forcing the user to go through a login screen
> (assuming they have one with their OP) twice.
>
> On the other hand, if they wouldn't have had a combined login screen
> (and this is up to individual OP's, but if we assume that most OP's
> will follow the "show user what information they're about to submit"
> guidelines previously mentioned on this list, the OP will have the
> same problem - it can't show this information to users until *it*
> (the OP!) knows who that user is, so it will have a separate login
> screen for SREG data anyway), and the RP just bounces the user right
> back at their OP, the UX is a little slower and the underlying
> process is about twice as much, but the user thinks they never left
> their OP.
The Google OP will fail with setup_needed on checkid_immediate if it
needs to prompt the user (which includes the case when the attributes
have changed). So in principle, you could send checkid_immediate with
identity_select and no AX component, and if that does not work,
send checkid_setup always with the AX component.
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
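
The two-step flow from the reply above, sketched as an added example (not code from this thread or from any OP): try checkid_immediate with directed identity and no AX, then fall back to checkid_setup with an AX fetch_request when the OP answers setup_needed. The function names, the endpoint and RP URLs, and the email attribute are assumptions for illustration; the post's "identity_select" is written here as the OpenID 2.0 identifier_select value.

```python
from urllib.parse import urlencode, urlparse, parse_qs

OPENID_NS = "http://specs.openid.net/auth/2.0"
# The post says "identity_select"; the OpenID 2.0 value is identifier_select.
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"
AX_NS = "http://openid.net/srv/ax/1.0"


def build_request(op_endpoint, return_to, realm, mode, ax_attrs=None):
    """Build an OpenID 2.0 directed-identity authentication request URL."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": mode,
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    if ax_attrs:  # attach an AX fetch_request only when attributes are wanted
        params["openid.ns.ax"] = AX_NS
        params["openid.ax.mode"] = "fetch_request"
        params["openid.ax.required"] = ",".join(ax_attrs)
        for alias, type_uri in ax_attrs.items():
            params["openid.ax.type." + alias] = type_uri
    sep = "&" if urlparse(op_endpoint).query else "?"
    return op_endpoint + sep + urlencode(params)


def next_step(callback_url, op_endpoint, return_to, realm, ax_attrs):
    """Decide what the RP does after the checkid_immediate attempt returns."""
    query = parse_qs(urlparse(callback_url).query)
    mode = query.get("openid.mode", [""])[0]
    if mode == "id_res":
        # Positive assertion: signature, nonce and return_to still need verifying
        return ("verify_assertion", None)
    if mode == "setup_needed":
        # OP has to prompt the user: retry interactively, this time with AX
        return ("redirect", build_request(op_endpoint, return_to, realm,
                                          "checkid_setup", ax_attrs))
    return ("reject", None)  # cancel, error, or anything unexpected


# Constructed sample values (not from the post)
OP = "https://op.example/auth"
RP_RETURN = "https://rp.example/openid/return"
RP_REALM = "https://rp.example/"
AX_EMAIL = {"email": "http://axschema.org/contact/email"}
FIRST_TRY = build_request(OP, RP_RETURN, RP_REALM, "checkid_immediate")
```
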