[OpenID] User-editable XRDS files?
Martin Atkins
mart at degeneration.co.uk
Fri Feb 6 00:00:46 UTC 2009
Johannes Ernst wrote:
> Which OpenID providers do you know of that let users edit their XRDS
> files? E.g. to add additional OpenID providers, portable contact
> providers etc.?
>
> I came up empty, so I figured I ask.
>
> For OpenID providers: why do you / do you not let your users edit those
> files? (Preferably with a nice GUI on top)
>
This got me thinking about what the user experience for editing XRDS
might be.
I think it's clear that whatever UX we end up with will never show XML
to the user, nor use the term XRDS.
Here's a strawman:
* OP notes (in the user's XRDS document) that it supports custom XRDS
services.
* The PortableContacts provider ("SP") has the user log in with OpenID,
and it does discovery. It detects that the OP supports XRDS services.
* SP does an OpenID Authentication request with an OpenID extension that
allows it to describe (in some way to be determined) what services it
can provide for the user.
* As part of sign-in approval, the OP asks the user to confirm the
addition of the new services.
* If the user agrees, the OP stores the information and henceforth
includes it in the user's XRDS document.
There would presumably also be some UI at the OP to allow the user to
remove services he no longer wants.
The user experience is somewhat like the "add/install an application"
flow that users are becoming accustomed to, but the result is an edit of
the XRDS document rather than the issuing of an OAuth access token. As
far as the user is concerned, he is "installing" the SP into his OpenID
account.
More information about the general
mailing list