[OpenID] Google custom discovery

Eric Sachs esachs at google.com
Fri Jul 10 18:10:00 UTC 2009 

Only a subset of GoogleProfile users register a username, but yes, for those
users that is the common request we get.

On Fri, Jul 10, 2009 at 10:46 AM, Santosh Rajan <santrajan at gmail.com> wrote:

>
> Actually why dont you do discovery on
> http://google.com/username
> You can do that without clashing with your google.com namespace by only
> responding to "Accept" header request with "application/XRD". That would
> really make a killer OpenID.
>
>
> Eric Sachs wrote:
> >
> > The feature in this area that we get more requests for is to support
> > OpenID
> > validation for the relatively new Google Profiles service, i.e.
> > profiles.google.com, which is also a more memorable endpoint for users
> to
> > type :-).  That support is not yet available, but its definitely on the
> > list.
> > On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams
> > <pwilliams at rapattoni.com>wrote:
> >
> >> Lets hope it prompts google to do much better: http://op. google.com:
> >> forming the eminently typable "op.google.com".
> >>
> >> They might even have that redirect to http://google.com/op which they
> >> might make an xri mount point to the I-brokered authority that serves
> the
> >> op
> >> xrd/s. If their op is a real xri-labelled authority, a ref field in the
> >> sep
> >> can even properly provide for delgated authorization of xrd files by
> user
> >> authorities (which openid auth hacks up as openid delegation, when
> >> abusing
> >> the semantics of the op local id field per jonny bufu's recent message).
> >>
> >> I dont think its hard to meet professional security engineering
> standards
> >> within openid: just be complete about xri semantics (even when using
> http
> >> identifiers). We dont need custom extensions for discovery, particularly
> >> if
> >> they project idp-centric vs user centric identity models.
> >>
> >> But lets wait and see how they are signing the xrd files (the way the
> >> openxri server does it (per the standard), or "otherwise"). The validity
> >> logic for verifying that signature will tell us what class of trust
> >> semantics they are working towards: google as ttp for attribute sharing,
> >> or
> >> uci.
> >>
> >> ________________________________
> >> From: Andrew Arnott <andrewarnott at gmail.com>
> >> Sent: Thursday, July 09, 2009 8:30 PM
> >> To: Peter Williams <pwilliams at rapattoni.com>
> >> Cc: Eric Sachs <esachs at google.com>; general at openid.net
> >> <general at openid.net>;
> >> Paul Johnston <paj at pajhome.org.uk>
> >> Subject: Re: [OpenID] What is my Google OpenID URL?
> >>
> >> Wow.  I'm going to have to use that tinyurl everywhere now. :-p
> >>
> >> --
> >> Andrew Arnott
> >> "I [may] not agree with what you have to say, but I'll defend to the
> >> death
> >> your right to say it." - S. G. Tallentyre
> >>
> >>
> >> On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams <pwilliams at rapattoni.com
> >> <mailto:pwilliams at rapattoni.com>> wrote:
> >> come  on google, it takes you 10s to have a redirector URL
> >> (op.google.com<
> >> http://op.google.com>, perhaps?) redirect to the
> >> https://www.google.com/accounts/o8/id. Conforming RPs are require to
> >> follow the redirect, before detecting that the XRD at that address is an
> >> law#4-capable OP, vs a user.
> >>
> >>
> >> http://tinyurl.com/googop now produces
> >> <?xml version="1.0" encoding="UTF-8" ?>
> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
> <xrds:XRDS
> >> xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <XRD>
> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <Service
> >> priority="0">
> >>  <Type>http://specs.openid.net/auth/2.0/server</Type>
> >>  <Type>http://openid.net/srv/ax/1.0</Type>
> >>  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
> >>  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
> >>  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
> >>  <URI>https://www.google.com/accounts/o8/ud</URI>
> >>  </Service>
> >>  </XRD>
> >>
> >> im sure google can do better than tinyurl.com<http://tinyurl.com>!
> >>
> >> How about op.google.com<http://op.google.com>?!
> >>
> >> ________________________________
> >> From: general-bounces at openid.net<mailto:general-bounces at openid.net> [
> >> general-bounces at openid.net<mailto:general-bounces at openid.net>] On
> Behalf
> >> Of Andrew Arnott [andrewarnott at gmail.com<mailto:andrewarnott at gmail.com
> >]
> >> Sent: Thursday, July 09, 2009 7:16 PM
> >> To: Eric Sachs
> >> Cc: general at openid.net<mailto:general at openid.net>; Paul Johnston
> >> Subject: Re: [OpenID] What is my Google OpenID URL?
> >>
> >> Note that using your Blogger blog URL is not equivalent to using
> >> https://www.google.com/accounts/o8/id.  Besides the user interface of
> the
> >> login experience being completely different, Blogger's Provider is only
> >> an
> >> OpenID 1.1 provider, whereas Google's
> >> https://www.google.com/accounts/o8/id OpenID Provider is a more secure
> >> OpenID 2.0 provider.
> >>
> >> --
> >> Andrew Arnott
> >> "I [may] not agree with what you have to say, but I'll defend to the
> >> death
> >> your right to say it." - S. G. Tallentyre
> >>
> >>
> >> On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <esachs at google.com<mailto:
> >> esachs at google.com><mailto:esachs at google.com<mailto:esachs at google.com>>>
> >> wrote:
> >> If you create a blog on Google's blogger service, then you can type the
> >> name of that blog into OpenID login boxes.
> >>
> >> If you are willing to be really geeky, type in
> >> https://www.google.com/accounts/o8/id.  That points to the generic
> Google
> >> identity provider, and you will be redirected back with an opaque
> >> identifier.  But we don't actually expect anyone to know to do that
> which
> >> is
> >> why a lot of OpenID relying parties are supporting other user interfaces
> >> with buttons for Google.  For example, see
> >> http://uservoice.com/session/new
> >>
> >> Similarly a lot of blogs allow you to comment and identify you with an
> >> OpenID URL, and while you can try one of the tricks above, many of the
> >> blog
> >> commenting interfaces also include buttons (or the NASCAR style UI as
> the
> >> community likes to call it) to help users navigate their way through.
> >>
> >> On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston
> >> <paj at pajhome.org.uk<mailto:
> >> paj at pajhome.org.uk><mailto:paj at pajhome.org.uk<mailto:paj at pajhome.org.uk
> >>>
> >> wrote:
> >> Hi,
> >>
> >> I'm sorry for asking such an obvious question, but after considerable
> >> time spent searching for this I am unable to figure this out.
> >>
> >> My google account name is paul.paj. I would like to login to
> >> bitbucket.org<http://bitbucket.org><http://bitbucket.org> using OpenID.
> >> How do I do it?
> >>
> >> Paul
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
> >> <mailto:general at openid.net>>
> >> http://openid.net/mailman/listinfo/general
> >>
> >>
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
> >> <mailto:general at openid.net>>
> >> http://openid.net/mailman/listinfo/general
> >>
> >>
> >>
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >>
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> >
>
>
> -----
>
> Santosh Rajan
> http://santrajan.blogspot.com http://santrajan.blogspot.com
> --
> View this message in context:
> http://www.nabble.com/Google-custom-discovery-tp24431509p24431923.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090710/f3a681e7/attachment.htm>

More information about the general mailing list