[OpenID] Google OpenID IDP is now live

Ben Laurie benl at google.com
Fri Oct 31 13:58:58 UTC 2008 

On Wed, Oct 29, 2008 at 9:05 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>
> On 29-Oct-08, at 12:25 PM, Eric Sachs wrote:
>
>>> I hope I'm misunderstanding what you are saying and that you support the
>>> standard.
>>> That's the hub and spoke model, pretending to be an open system.
> Hopefully my follow on post clarified Dick & Peter's questions.
> In fact, one of the questions I raised at the UX summit last week was how an
> E-mail outsourcing services like our GoogleAppsForYourDomain could offer
> this type of OpenID IDP as a service to those domains.  Since we host
> thousands of such domains, the auto-discovery aspects of OpenID are key.
>  However the challenge we face is how to avoid lock-in.  In particular, we
> need a way for an enterprise/ISP/school/etc. to start using our IDP, but
> later move it somewhere else without breaking federated login for their
> users.  Similarly, they should be able to run their own and then migrate it
> to us.  OpenID provides a great set of abstraction layers to make this
> possible, however there is still a lot more research we need to do into the
> actual mechanics of getting that to work.
>
> Let the user type in their domain name and have the XRDS record point to a
> Google operated OP entry point. Could even have the domain in the path so
> that Google has an idea which domain it is. This way they can move to
> running their own OP or another OP and have the XRDS point somewhere else.
> If they point the DNS entry to Google, Google can setup the XRDS for them.
> Not sure I see what is complicated about this. Can you enlighten me about
> what I am missing?

Are you suggesting that Google would serve an opaque ID in the user's domain?

> wrt. the UX issues. Yes, there are issues -- and we should develop some
> additional standards / conventions to address them -- but I don't see why
> that prevents you from supporting how the protocol works today.
> -- Dick
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>

More information about the general mailing list