[OpenID] Google custom discovery

Santosh Rajan santrajan at gmail.com
Fri Jul 10 17:46:01 UTC 2009 

Actually why dont you do discovery on
http://google.com/username
You can do that without clashing with your google.com namespace by only
responding to "Accept" header request with "application/XRD". That would
really make a killer OpenID.


Eric Sachs wrote:
> 
> The feature in this area that we get more requests for is to support
> OpenID
> validation for the relatively new Google Profiles service, i.e.
> profiles.google.com, which is also a more memorable endpoint for users to
> type :-).  That support is not yet available, but its definitely on the
> list.
> On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams
> <pwilliams at rapattoni.com>wrote:
> 
>> Lets hope it prompts google to do much better: http://op. google.com:
>> forming the eminently typable "op.google.com".
>>
>> They might even have that redirect to http://google.com/op which they
>> might make an xri mount point to the I-brokered authority that serves the
>> op
>> xrd/s. If their op is a real xri-labelled authority, a ref field in the
>> sep
>> can even properly provide for delgated authorization of xrd files by user
>> authorities (which openid auth hacks up as openid delegation, when
>> abusing
>> the semantics of the op local id field per jonny bufu's recent message).
>>
>> I dont think its hard to meet professional security engineering standards
>> within openid: just be complete about xri semantics (even when using http
>> identifiers). We dont need custom extensions for discovery, particularly
>> if
>> they project idp-centric vs user centric identity models.
>>
>> But lets wait and see how they are signing the xrd files (the way the
>> openxri server does it (per the standard), or "otherwise"). The validity
>> logic for verifying that signature will tell us what class of trust
>> semantics they are working towards: google as ttp for attribute sharing,
>> or
>> uci.
>>
>> ________________________________
>> From: Andrew Arnott <andrewarnott at gmail.com>
>> Sent: Thursday, July 09, 2009 8:30 PM
>> To: Peter Williams <pwilliams at rapattoni.com>
>> Cc: Eric Sachs <esachs at google.com>; general at openid.net
>> <general at openid.net>;
>> Paul Johnston <paj at pajhome.org.uk>
>> Subject: Re: [OpenID] What is my Google OpenID URL?
>>
>> Wow.  I'm going to have to use that tinyurl everywhere now. :-p
>>
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to the
>> death
>> your right to say it." - S. G. Tallentyre
>>
>>
>> On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams <pwilliams at rapattoni.com
>> <mailto:pwilliams at rapattoni.com>> wrote:
>> come  on google, it takes you 10s to have a redirector URL
>> (op.google.com<
>> http://op.google.com>, perhaps?) redirect to the
>> https://www.google.com/accounts/o8/id. Conforming RPs are require to
>> follow the redirect, before detecting that the XRD at that address is an
>> law#4-capable OP, vs a user.
>>
>>
>> http://tinyurl.com/googop now produces
>> <?xml version="1.0" encoding="UTF-8" ?>
>> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <xrds:XRDS
>> xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
>> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <XRD>
>> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <Service
>> priority="0">
>>  <Type>http://specs.openid.net/auth/2.0/server</Type>
>>  <Type>http://openid.net/srv/ax/1.0</Type>
>>  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
>>  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
>>  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
>>  <URI>https://www.google.com/accounts/o8/ud</URI>
>>  </Service>
>>  </XRD>
>>
>> im sure google can do better than tinyurl.com<http://tinyurl.com>!
>>
>> How about op.google.com<http://op.google.com>?!
>>
>> ________________________________
>> From: general-bounces at openid.net<mailto:general-bounces at openid.net> [
>> general-bounces at openid.net<mailto:general-bounces at openid.net>] On Behalf
>> Of Andrew Arnott [andrewarnott at gmail.com<mailto:andrewarnott at gmail.com>]
>> Sent: Thursday, July 09, 2009 7:16 PM
>> To: Eric Sachs
>> Cc: general at openid.net<mailto:general at openid.net>; Paul Johnston
>> Subject: Re: [OpenID] What is my Google OpenID URL?
>>
>> Note that using your Blogger blog URL is not equivalent to using
>> https://www.google.com/accounts/o8/id.  Besides the user interface of the
>> login experience being completely different, Blogger's Provider is only
>> an
>> OpenID 1.1 provider, whereas Google's
>> https://www.google.com/accounts/o8/id OpenID Provider is a more secure
>> OpenID 2.0 provider.
>>
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to the
>> death
>> your right to say it." - S. G. Tallentyre
>>
>>
>> On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <esachs at google.com<mailto:
>> esachs at google.com><mailto:esachs at google.com<mailto:esachs at google.com>>>
>> wrote:
>> If you create a blog on Google's blogger service, then you can type the
>> name of that blog into OpenID login boxes.
>>
>> If you are willing to be really geeky, type in
>> https://www.google.com/accounts/o8/id.  That points to the generic Google
>> identity provider, and you will be redirected back with an opaque
>> identifier.  But we don't actually expect anyone to know to do that which
>> is
>> why a lot of OpenID relying parties are supporting other user interfaces
>> with buttons for Google.  For example, see
>> http://uservoice.com/session/new
>>
>> Similarly a lot of blogs allow you to comment and identify you with an
>> OpenID URL, and while you can try one of the tricks above, many of the
>> blog
>> commenting interfaces also include buttons (or the NASCAR style UI as the
>> community likes to call it) to help users navigate their way through.
>>
>> On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston
>> <paj at pajhome.org.uk<mailto:
>> paj at pajhome.org.uk><mailto:paj at pajhome.org.uk<mailto:paj at pajhome.org.uk>>>
>> wrote:
>> Hi,
>>
>> I'm sorry for asking such an obvious question, but after considerable
>> time spent searching for this I am unable to figure this out.
>>
>> My google account name is paul.paj. I would like to login to
>> bitbucket.org<http://bitbucket.org><http://bitbucket.org> using OpenID.
>> How do I do it?
>>
>> Paul
>> _______________________________________________
>> general mailing list
>> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
>> <mailto:general at openid.net>>
>> http://openid.net/mailman/listinfo/general
>>
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
>> <mailto:general at openid.net>>
>> http://openid.net/mailman/listinfo/general
>>
>>
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 


-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/Google-custom-discovery-tp24431509p24431923.html
Sent from the OpenID - General mailing list archive at Nabble.com.

More information about the general mailing list