[OpenID] Proxying (with OpenSocial) through experimental.openid.net to promote OpenID

Peter Williams pwilliams at rapattoni.com
Mon Aug 10 04:08:08 UTC 2009 

What don't you like?

It's just like today in which one can have your google app mint openid
assertion (delegated to google cloud) which a ping identity server
maps to saml2 Assertion, whose rp processing is performed by a live
site (delegated to the Microsoft azure acs cloud) which does role/
privilege mapping into a wstrust assertion that your net app accesses
using the net4 identity interface, before issuing a formsauth cookie...


On Aug 9, 2009, at 7:10 PM, "SitG Admin" <sysadmin at shadowsinthegarden.com
 > wrote:

> Disclaimer: though I like this idea - it would be *neat* if users of
> a site that didn't even allow HTML headers to be inserted/set (but
> did support OpenSocial), could experiment with a watered-down version
> of OpenID ("fewer sites than the real OpenID!"), then begin
> collectively badgering the site owners to put in full OpenID for them
> - I'm horrified at its privacy implications.
>
> http://www.disruptiveconversations.com/2007/08/identitude---us.html
>
> That page has a good description of how identitu.de hosted a Facebook
> application that translated FB's authentication (through *their* API)
> into OpenID signals, so Facebook users could use their Identity there
> as a URI - but indirectly, of course, since it was actually a page at
> identitu.de which correlated with their Facebook page.
>
> Skeptical, anyone? Of course - because who was behind identitu.de?
> Anyone *we* knew? RP's would have to trust that person, too. I
> propose addressing this particular concern by asking the Foundation
> to host the proxy - under 'experimental', of course, because users
> *shouldn't* be looking upon this as a long-term solution, it should
> just be there to give them a taste of OpenID so they can talk their
> site into giving them the real thing.
>
> URI uniting would be a must for some RP's (otherwise users would lose
> all the data and privileges they had associated with their
> experimental.openid.net URI's when they switched to their site's
> official URI's), but that could be developed later on since there
> wouldn't be any immediate need for it.
>
> -Shade
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general

More information about the general mailing list