[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)
Story Henry
henry.story at bblfish.net
Sat Aug 29 18:51:47 UTC 2009
On 29 Aug 2009, at 20:44, John Bradley wrote:
> Using SSL client auth seemed like a good idea to me 10 years ago.
>
> Combining it with FOAF is interesting.
>
> I suspect that getting people at large to configure client certs is
> unlikely.
It turns out that that is as easy as clicking a button. Firefox,
Safari and Opera use the until now undocumented keygen tag, now in html5:
http://dev.w3.org/html5/spec/Overview.html#the-keygen-element

As I said you can try that with http://foaf.me
1. fill in the form
2. create your foaf file
3. click the create cert button

foaf.me can be improved a lot. But it shows the potential here.

You can get the same as with keygen with ActiveX in IE. We are looking
for VB people to help us test that.
Henry
>
> That was one of the things that led to the development of
> Information cards.
>
> It is worth considering amongst the options. However I personally
> gave up on that approach a good while ago.
>
> John B.
> On 29-Aug-09, at 2:27 PM, Story Henry wrote:
>
>> If you want one click authentication that works with most current
>> browsers, that does not require a username, nor a password, and
>> where the browser offers the user a popup to select his identity
>> then have a look at foaf+ssl.
>>
>> http://esw.w3.org/topic/foaf+ssl
>>
>> An example implementation is http://foaf.me/
>> which will create a certificate for you in Firefox, Safari and
>> Opera after you created your foaf file. (We could get IE to work
>> too but it requires a bit of ActiveX (no download required) hacking.)
>>
>> Henry
>>
>> On 29 Aug 2009, at 20:21, John Bradley wrote:
>>
>>> I have never thought that training users to give out their email
>>> address to whoever asks for it is a good idea.
>>>
>>> I understand the attraction of using email address as it is the
>>> identifier that requires the least explanation.
>>>
>>> Would having someone enter their email or identity provider be too
>>> confusing for people?
>>>
>>> I always thought your me.yahoo.com was a good model.
>>>
>>> Where we are going to hit serious problems first is with services
>>> like openID for google domains, and OPX now from JanRain.
>>>
>>> The current NASCAR doesn't have enough space for thousands of OPs.
>>>
>>> One approach is to come up with a way for users to advertise to RP
>>> who their preferred providers are.
>>> That way the RP can customize the UI more appropriately for the
>>> user.
>>>
>>> One approach would be a browser plugin that injects JavaScript
>>> into the page.
>>>
>>> Another would be to have a centralized discovery service, that a
>>> RP could query via JS in the browser.
>>> OP's would register themselves with the service.
>>>
>>> The latter certainly has privacy issues.
>>>
>>> John B.
>>> On 29-Aug-09, at 12:42 PM, Allen Tom wrote:
>>>
>>>> How about if we ditch the OP buttons and just display this:
>>>>
>>>> Enter your email address or Profile URL: [...................]
>>>>
>>>> Allen
>>>>
>>>>
>>>> John Bradley wrote:
>>>>>
>>>>>
>>>>> A better UI is needed however.
>>>>>
>>>>
>>>
>>
>