[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

John Bradley john.bradley at wingaa.com
Sat Aug 29 18:44:09 UTC 2009


Using SSL client auth seemed like a good idea to me 10 years ago.

Combining it with FOAF is interesting.

I suspect that getting people at large to configure client certs is  
unlikely.

That was one of the things that led to the development of Information  
cards.

It is worth considering amongst the options.  However I personally  
gave up on that approach a good while ago.

John B.
On 29-Aug-09, at 2:27 PM, Story Henry wrote:

> If you want one click authentication that works with most current  
> browsers, that does not require a username, nor a password, and  
> where the browser offers the user a popup to select his identity then  
> have a look at foaf+ssl.
>
> http://esw.w3.org/topic/foaf+ssl
>
> An example implementation is http://foaf.me/
> which will create a certificate for you in Firefox, Safari and Opera  
> after you created your foaf file. (We could get IE to work too but  
> it requires a bit of ActiveX (no download required) hacking.)
>
> Henry
>
> On 29 Aug 2009, at 20:21, John Bradley wrote:
>
>> I have never thought that training users to give out their email  
>> address to whoever asks for it is a good idea.
>>
>> I understand the attraction of using email address as it is the  
>> identifier that requires the least explanation.
>>
>> Would having someone enter their email or identity provider be too  
>> confusing for people?
>>
>> I always thought your me.yahoo.com was a good model.
>>
>> Where we are going to hit serious problems first is with services  
>> like OpenID for Google domains, and OPX now from JanRain.
>>
>> The current NASCAR doesn't have enough space for thousands of OPs.
>>
>> One approach is to come up with a way for users to advertise to RP  
>> who their preferred providers are.
>> That way the RP can customize the UI more appropriately for the user.
>>
>> One approach would be a browser plugin that injects JavaScript  
>> into the page.
>>
>> Another would be to have a centralized discovery service, that an RP  
>> could query via JS in the browser.
>> OPs would register themselves with the service.
>>
>> The latter certainly has privacy issues.
>>
>> John B.
>> On 29-Aug-09, at 12:42 PM, Allen Tom wrote:
>>
>>> How about if we ditch the OP buttons and just display this:
>>>
>>> Enter your email address or Profile URL: [...................]
>>>
>>> Allen
>>>
>>>
>>> John Bradley wrote:
>>>>
>>>>
>>>> A better UI is needed however.
>>>>
>>>
>>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general
>
