[OpenID] Google custom discovery

Santosh Rajan santrajan at gmail.com
Fri Jul 10 18:16:38 UTC 2009 

It could be the gmail username, and google profile usernames they dont clash.
Problem is only for Google employees who have google.com email addresses. :)

Eric Sachs wrote:
> 
> Only a subset of GoogleProfile users register a username, but yes, for
> those
> users that is the common request we get.
> 
> On Fri, Jul 10, 2009 at 10:46 AM, Santosh Rajan <santrajan at gmail.com>
> wrote:
> 
>>
>> Actually why dont you do discovery on
>> http://google.com/username
>> You can do that without clashing with your google.com namespace by only
>> responding to "Accept" header request with "application/XRD". That would
>> really make a killer OpenID.
>>
>>
>> Eric Sachs wrote:
>> >
>> > The feature in this area that we get more requests for is to support
>> > OpenID
>> > validation for the relatively new Google Profiles service, i.e.
>> > profiles.google.com, which is also a more memorable endpoint for users
>> to
>> > type :-).  That support is not yet available, but its definitely on the
>> > list.
>> > On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams
>> > <pwilliams at rapattoni.com>wrote:
>> >
>> >> Lets hope it prompts google to do much better: http://op. google.com:
>> >> forming the eminently typable "op.google.com".
>> >>
>> >> They might even have that redirect to http://google.com/op which they
>> >> might make an xri mount point to the I-brokered authority that serves
>> the
>> >> op
>> >> xrd/s. If their op is a real xri-labelled authority, a ref field in
>> the
>> >> sep
>> >> can even properly provide for delgated authorization of xrd files by
>> user
>> >> authorities (which openid auth hacks up as openid delegation, when
>> >> abusing
>> >> the semantics of the op local id field per jonny bufu's recent
>> message).
>> >>
>> >> I dont think its hard to meet professional security engineering
>> standards
>> >> within openid: just be complete about xri semantics (even when using
>> http
>> >> identifiers). We dont need custom extensions for discovery,
>> particularly
>> >> if
>> >> they project idp-centric vs user centric identity models.
>> >>
>> >> But lets wait and see how they are signing the xrd files (the way the
>> >> openxri server does it (per the standard), or "otherwise"). The
>> validity
>> >> logic for verifying that signature will tell us what class of trust
>> >> semantics they are working towards: google as ttp for attribute
>> sharing,
>> >> or
>> >> uci.
>> >>
>> >> ________________________________
>> >> From: Andrew Arnott <andrewarnott at gmail.com>
>> >> Sent: Thursday, July 09, 2009 8:30 PM
>> >> To: Peter Williams <pwilliams at rapattoni.com>
>> >> Cc: Eric Sachs <esachs at google.com>; general at openid.net
>> >> <general at openid.net>;
>> >> Paul Johnston <paj at pajhome.org.uk>
>> >> Subject: Re: [OpenID] What is my Google OpenID URL?
>> >>
>> >> Wow.  I'm going to have to use that tinyurl everywhere now. :-p
>> >>
>> >> --
>> >> Andrew Arnott
>> >> "I [may] not agree with what you have to say, but I'll defend to the
>> >> death
>> >> your right to say it." - S. G. Tallentyre
>> >>
>> >>
>> >> On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams
>> <pwilliams at rapattoni.com
>> >> <mailto:pwilliams at rapattoni.com>> wrote:
>> >> come  on google, it takes you 10s to have a redirector URL
>> >> (op.google.com<
>> >> http://op.google.com>, perhaps?) redirect to the
>> >> https://www.google.com/accounts/o8/id. Conforming RPs are require to
>> >> follow the redirect, before detecting that the XRD at that address is
>> an
>> >> law#4-capable OP, vs a user.
>> >>
>> >>
>> >> http://tinyurl.com/googop now produces
>> >> <?xml version="1.0" encoding="UTF-8" ?>
>> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>> <xrds:XRDS
>> >> xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
>> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <XRD>
>> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>> <Service
>> >> priority="0">
>> >>  <Type>http://specs.openid.net/auth/2.0/server</Type>
>> >>  <Type>http://openid.net/srv/ax/1.0</Type>
>> >>  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
>> >>  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
>> >>  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
>> >>  <URI>https://www.google.com/accounts/o8/ud</URI>
>> >>  </Service>
>> >>  </XRD>
>> >>
>> >> im sure google can do better than tinyurl.com<http://tinyurl.com>!
>> >>
>> >> How about op.google.com<http://op.google.com>?!
>> >>
>> >> ________________________________
>> >> From: general-bounces at openid.net<mailto:general-bounces at openid.net> [
>> >> general-bounces at openid.net<mailto:general-bounces at openid.net>] On
>> Behalf
>> >> Of Andrew Arnott [andrewarnott at gmail.com<mailto:andrewarnott at gmail.com
>> >]
>> >> Sent: Thursday, July 09, 2009 7:16 PM
>> >> To: Eric Sachs
>> >> Cc: general at openid.net<mailto:general at openid.net>; Paul Johnston
>> >> Subject: Re: [OpenID] What is my Google OpenID URL?
>> >>
>> >> Note that using your Blogger blog URL is not equivalent to using
>> >> https://www.google.com/accounts/o8/id.  Besides the user interface of
>> the
>> >> login experience being completely different, Blogger's Provider is
>> only
>> >> an
>> >> OpenID 1.1 provider, whereas Google's
>> >> https://www.google.com/accounts/o8/id OpenID Provider is a more secure
>> >> OpenID 2.0 provider.
>> >>
>> >> --
>> >> Andrew Arnott
>> >> "I [may] not agree with what you have to say, but I'll defend to the
>> >> death
>> >> your right to say it." - S. G. Tallentyre
>> >>
>> >>
>> >> On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <esachs at google.com<mailto:
>> >>
>> esachs at google.com><mailto:esachs at google.com<mailto:esachs at google.com>>>
>> >> wrote:
>> >> If you create a blog on Google's blogger service, then you can type
>> the
>> >> name of that blog into OpenID login boxes.
>> >>
>> >> If you are willing to be really geeky, type in
>> >> https://www.google.com/accounts/o8/id.  That points to the generic
>> Google
>> >> identity provider, and you will be redirected back with an opaque
>> >> identifier.  But we don't actually expect anyone to know to do that
>> which
>> >> is
>> >> why a lot of OpenID relying parties are supporting other user
>> interfaces
>> >> with buttons for Google.  For example, see
>> >> http://uservoice.com/session/new
>> >>
>> >> Similarly a lot of blogs allow you to comment and identify you with an
>> >> OpenID URL, and while you can try one of the tricks above, many of the
>> >> blog
>> >> commenting interfaces also include buttons (or the NASCAR style UI as
>> the
>> >> community likes to call it) to help users navigate their way through.
>> >>
>> >> On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston
>> >> <paj at pajhome.org.uk<mailto:
>> >>
>> paj at pajhome.org.uk><mailto:paj at pajhome.org.uk<mailto:paj at pajhome.org.uk
>> >>>
>> >> wrote:
>> >> Hi,
>> >>
>> >> I'm sorry for asking such an obvious question, but after considerable
>> >> time spent searching for this I am unable to figure this out.
>> >>
>> >> My google account name is paul.paj. I would like to login to
>> >> bitbucket.org<http://bitbucket.org><http://bitbucket.org> using
>> OpenID.
>> >> How do I do it?
>> >>
>> >> Paul
>> >> _______________________________________________
>> >> general mailing list
>> >>
>> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
>> >> <mailto:general at openid.net>>
>> >> http://openid.net/mailman/listinfo/general
>> >>
>> >>
>> >> _______________________________________________
>> >> general mailing list
>> >>
>> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
>> >> <mailto:general at openid.net>>
>> >> http://openid.net/mailman/listinfo/general
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> general mailing list
>> >> general at openid.net
>> >> http://openid.net/mailman/listinfo/general
>> >>
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>> >
>>
>>
>> -----
>>
>> Santosh Rajan
>> http://santrajan.blogspot.com http://santrajan.blogspot.com
>> --
>> View this message in context:
>> http://www.nabble.com/Google-custom-discovery-tp24431509p24431923.html
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 


-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/Google-custom-discovery-tp24431509p24432348.html
Sent from the OpenID - General mailing list archive at Nabble.com.

More information about the general mailing list