[OpenID] User-editable XRDS files?
Peter Williams
pwilliams at rapattoni.com
Fri Feb 6 00:41:46 UTC 2009
And the final steps...
Copy the result to some simple public file store outside of the control of the OP.
But the idea of a user (vs OP) process controlling which XRDS stream is given to an RP based on its IP/domain-name is very appealing. That is, only send those service elements you want the RP to work with.
The user [process] can dynamically sign the XRDS too.
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Martin Atkins
> Sent: Thursday, February 05, 2009 4:01 PM
> To: OpenID List
> Subject: Re: [OpenID] User-editable XRDS files?
>
> Johannes Ernst wrote:
> > Which OpenID providers do you know of that let users edit their XRDS
> > files? E.g. to add additional OpenID providers, portable contact
> > providers etc.?
> >
> > I came up empty, so I figured I'd ask.
> >
> > For OpenID providers: why do you / do you not let your users edit those
> > files? (Preferably with a nice GUI on top)
> >
>
> This got me thinking about what the user experience for editing XRDS
> might be.
>
> I think it's clear that whatever UX we end up with will never show XML
> to the user, nor use the term XRDS.
>
> Here's a strawman:
>
> * OP notes (in the user's XRDS document) that it supports custom XRDS
> services.
>
> * The PortableContacts provider ("SP") has the user log in with OpenID,
> and it does discovery. It detects that the OP supports XRDS services.
>
> * SP does an OpenID Authentication request with an OpenID extension that
> allows it to describe (in some way to be determined) what services it
> can provide for the user.
>
> * As part of sign-in approval, the OP asks the user to confirm the
> addition of the new services.
>
> * If the user agrees, the OP stores the information and henceforth
> includes it in the user's XRDS document.
>
> There would presumably also be some UI at the OP to allow the user to
> remove services he no longer wants.
>
> The user experience is somewhat like the "add/install an application"
> flow that users are becoming accustomed to, but the result is an edit of
> the XRDS document rather than the issuing of an OAuth access token. As
> far as the user is concerned, he is "installing" the SP into his OpenID
> account.
>
>
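The idea in the reply at the top of this message, a user-side process that hands each RP only the service elements meant for it, sketched as an added example that is not part of the original thread. The host names, the POLICY table and the function names are hypothetical, and the XRDS document is a constructed sample; signing is left out.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"
ET.register_namespace("xrds", "xri://$xrds")
ET.register_namespace("", XRD_NS)

SIGNON = "http://specs.openid.net/auth/2.0/signon"
POCO = "http://portablecontacts.net/spec/1.0"

# Constructed sample: the user's full XRDS, kept outside the OP's control.
FULL_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example/auth</URI>
    </Service>
    <Service priority="10">
      <Type>http://portablecontacts.net/spec/1.0</Type>
      <URI>https://contacts.example/poco</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

# Hypothetical policy: requester host -> service types it is allowed to see.
POLICY = {"contacts-consumer.example": {SIGNON, POCO}}
DEFAULT_TYPES = {SIGNON}  # unknown requesters get authentication only

def xrds_for(requester_host, full_xrds=FULL_XRDS):
    """Return the XRDS with every Service the requester may not see removed.

    Assumption: the caller derived requester_host from the discovery request
    (source IP / reverse DNS). That is a hint, not authentication, so any
    host not listed in POLICY falls back to DEFAULT_TYPES.
    """
    allowed = POLICY.get(requester_host.lower().rstrip("."), DEFAULT_TYPES)
    root = ET.fromstring(full_xrds)
    for xrd in root.findall(f"{{{XRD_NS}}}XRD"):
        for svc in xrd.findall(f"{{{XRD_NS}}}Service"):
            types = {(t.text or "").strip() for t in svc.findall(f"{{{XRD_NS}}}Type")}
            # Fail closed: keep a Service only if all of its Types are allowed.
            if not types or not types <= allowed:
                xrd.remove(svc)
    return ET.tostring(root, encoding="unicode")

def service_types(xrds_text):
    """List the Type values present in an XRDS document, in document order."""
    return [t.text.strip() for t in ET.fromstring(xrds_text).iter(f"{{{XRD_NS}}}Type")]
```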