[OpenID] typepads interesting service for leaving comments; per synonym delegation of OPs

Peter Williams pwilliams at rapattoni.com
Wed Aug 26 15:18:33 UTC 2009 

http://aws.typepad.com/aws/2009/08/introducing-amazon-virtual-private-cloud-vpc.html has a signin form. Rather than "sign" a comment, you just login to the commenting system (and can logout). Unlike google blogging, you don't need to have/retain a blog-side account.

So, I signed in.

First with home_pw.myopenid.com (using my good ol myopenid account).

Second with http://xri.net/@blog*lockbox (the url form of my good ol XRI from freexri.com).

The really interesting part was the second login.


a.       The freexri.com OP UX notes the cid, and asks me to confirm that this long number is my identity. ( I just said yes, like the average consumer will). After all, this is all the OP knows about me, on the typepad site, by design.



b.      After Openid Auth is all done, the commenting form then views me as: contact.freexri.com/contact/@blog*lockbox<mailto:contact.freexri.com/contact/@blog*lockbox> - a URL that presumably folks can use to followup with me about my own rant (seeing as the site is a messaging frontend to my (hidden) emailbox).

Im not real competent enough in XRI and SEP selection parameters to know... but I half believe that if I fiddle around with my XRD enough I - the user! - can actually control the URL shown in (b).

We are almost there! This was  viable, mainstream and has UCI (vs fb-style) features that were generally comprehensible. They gave me what I USED TO THINK OPENID WAS ALL ABOUT (a bit of autonomy from providers).

It also revealed a feature that I don't understand. The XRI variant identity WAS SUPPOSED to do delegation to myopenid rather than the XRI server showing its own login page as an OP. And, it USED TO WORK.

When I look at the config of my XRD (at my freexri.com site), I note:

This i-service [openid] is bound to this specific XRI instead of its authority. This means that it will not be shared by synonyms of this XRI."

Im GUESSING that since the openid consumer focused (per the spec) on the XRI cid rather than XRI synonym I used, the rules in my XRD mean that typepad RP does NOT detect that I have delegation armed (for that synonym).



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090826/cd728617/attachment.htm>

More information about the general mailing list