[OpenID] Windows Live ID OpenID CTP Status Update (August 2009)

Story Henry henry.story at bblfish.net
Sat Aug 29 18:55:20 UTC 2009


By the way I have a video of me presenting foaf+ssl

- in 10 minutes at HAR
	http://blogs.sun.com/bblfish/entry/camping_and_hacking_at_har2009

- in 45 minutes at FrOSCon
	http://blogs.sun.com/bblfish/entry/froscon_the_free_and_open

Henry

On 29 Aug 2009, at 20:51, Story Henry wrote:

>
> On 29 Aug 2009, at 20:44, John Bradley wrote:
>
>> Using SSL client auth seemed like a good idea to me 10 years ago.
>>
>> Combining it with FOAF is interesting.
>>
>> I suspect that getting people at large to configure client certs is  
>> unlikely.
>
> It turns out that that is as easy as clicking a button. Firefox,  
> Safari and Opera use the until now undocumented keygen tag now in  
> html5
>
> http://dev.w3.org/html5/spec/Overview.html#the-keygen-element
>
> As I said you can try that with http://foaf.me
> 1. fill in the form
> 2. create your foaf file
> 3. click the create cert button
>
> foaf.me can be improved a lot. But it shows the potential here.
>
> You can get the same as keygen with ActiveX in IE. We are
> looking for VB people to help us test that.
>
> Henry
>
>
>>
>> That was one of the things that led to the development of
>> Information cards.
>>
>> It is worth considering amongst the options. However I personally
>> gave up on that approach a good while ago.
>>
>> John B.
>> On 29-Aug-09, at 2:27 PM, Story Henry wrote:
>>
>>> If you want one click authentication that works with most current  
>>> browsers, that does not require a username, nor a password, and  
>>> where the browser offers the user a popup to select his identity
>>> then have a look at foaf+ssl.
>>>
>>> http://esw.w3.org/topic/foaf+ssl
>>>
>>> An example implementation is http://foaf.me/
>>> which will create a certificate for you in Firefox, Safari and  
>>> Opera after you created your foaf file. (We could get IE to work
>>> too but it requires a bit of ActiveX (no download required) hacking.)
>>>
>>> Henry
>>>
>>> On 29 Aug 2009, at 20:21, John Bradley wrote:
>>>
>>>> I have never thought that training users to give out their email
>>>> address to whoever asks for it is a good idea.
>>>>
>>>> I understand the attraction of using email address as it is the  
>>>> identifier that requires the least explanation.
>>>>
>>>> Would having someone enter their email or identity provider be
>>>> too confusing for people?
>>>>
>>>> I always thought your me.yahoo.com was a good model.
>>>>
>>>> Where we are going to hit serious problems first is with services  
>>>> like OpenID for Google domains, and OPX now from JanRain.
>>>>
>>>> The current NASCAR doesn't have enough space for thousands of OPs.
>>>>
>>>> One approach is to come up with a way for users to advertise to  
>>>> RP who their preferred providers are.
>>>> That way the RP can customize the UI more appropriately for the  
>>>> user.
>>>>
>>>> One approach would be a browser plugin that injects JavaScript
>>>> into the page.
>>>>
>>>> Another would be to have a centralized discovery service, that a  
>>>> RP could query via JS in the browser.
>>>> OP's would register themselves with the service.
>>>>
>>>> The latter certainly has privacy issues.
>>>>
>>>> John B.
>>>> On 29-Aug-09, at 12:42 PM, Allen Tom wrote:
>>>>
>>>>> How about if we ditch the OP buttons and just display this:
>>>>>
>>>>> Enter your email address or Profile URL: [...................]
>>>>>
>>>>> Allen
>>>>>
>>>>>
>>>>> John Bradley wrote:
>>>>>>
>>>>>>
>>>>>> A better UI is needed however.
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> general mailing list
>>>> general at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-general
>>>
>>
>
