[OpenID] Google Removes Relying Party Pre-Registration
Chris Messina
chris.messina at gmail.com
Thu Oct 30 23:32:42 UTC 2008
I wrote up a quick sketch of an idea in response to Eric's description
of the problem with the OAuth flow for desktop/mobile apps:
http://factoryjoe.com/blog/2008/10/30/lightweight-access-pins-a-modest-proposal-for-enabling-openid-in-desktop-and-mobile-apps/
Food for thought. Comments welcome!
Chris
On Fri, Oct 31, 2008 at 7:20 AM, David Recordon <drecordon at sixapart.com> wrote:
> From
> http://google-code-updates.blogspot.com/2008/10/moving-another-step-closer-to-single.html
>
> Moving another step closer to single-sign on
>
> Thursday, October 30, 2008
>
> By Eric Sachs, Google Security Team
> One other question that a lot of people asked yesterday is when a large
> provider like Google will become a relying party. There is one big problem
> that stands in the way of doing that, but fortunately it is more of a
> technology problem than a usability issue. That problem is that rich-client
> apps (desktop apps and mobile apps) are hard-coded to ask a user for their
> username and password. As an example, all Google rich-client apps would
> break if we supported federated login for our consumer users, and in fact
> they do break for the large number of our enterprise E-mail
> outsourcing customers who run their own identity provider, and for which
> Google is a relying party today. This problem with rich-client apps also
> affects other sites like Plaxo who are already relying parties.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
--
Chris Messina
Citizen-Participant &
Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
More information about the general
mailing list