[OpenID] Google custom discovery

Fri Jul 10 18:20:31 UTC 2009

There is already a proposal for this called webfinger:
http://www.abstractioneer.org/

It leverages the LRDD proposal to provide a generic mechanism for email
addresses, xmpp addresses, etc.

On Fri, Jul 10, 2009 at 11:16 AM, Santosh Rajan <santrajan at gmail.com> wrote:

>
> It could be the gmail username, and google profile usernames they dont
> clash.
> Problem is only for Google employees who have google.com email addresses.
> :)
>
> Eric Sachs wrote:
> >
> > Only a subset of GoogleProfile users register a username, but yes, for
> > those
> > users that is the common request we get.
> >
> > On Fri, Jul 10, 2009 at 10:46 AM, Santosh Rajan <santrajan at gmail.com>
> > wrote:
> >
> >>
> >> Actually why dont you do discovery on
> >> http://google.com/username
> >> You can do that without clashing with your google.com namespace by only
> >> responding to "Accept" header request with "application/XRD". That would
> >> really make a killer OpenID.
> >>
> >>
> >> Eric Sachs wrote:
> >> >
> >> > The feature in this area that we get more requests for is to support
> >> > OpenID
> >> > validation for the relatively new Google Profiles service, i.e.
> >> > profiles.google.com, which is also a more memorable endpoint for
> users
> >> to
> >> > type :-).  That support is not yet available, but its definitely on
> the
> >> > list.
> >> > On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams
> >> > <pwilliams at rapattoni.com>wrote:
> >> >
> >> >> Lets hope it prompts google to do much better: http://op. google.com
> :
> >> >> forming the eminently typable "op.google.com".
> >> >>
> >> >> They might even have that redirect to http://google.com/op which
> they
> >> >> might make an xri mount point to the I-brokered authority that serves
> >> the
> >> >> op
> >> >> xrd/s. If their op is a real xri-labelled authority, a ref field in
> >> the
> >> >> sep
> >> >> can even properly provide for delgated authorization of xrd files by
> >> user
> >> >> authorities (which openid auth hacks up as openid delegation, when
> >> >> abusing
> >> >> the semantics of the op local id field per jonny bufu's recent
> >> message).
> >> >>
> >> >> I dont think its hard to meet professional security engineering
> >> standards
> >> >> within openid: just be complete about xri semantics (even when using
> >> http
> >> >> identifiers). We dont need custom extensions for discovery,
> >> particularly
> >> >> if
> >> >> they project idp-centric vs user centric identity models.
> >> >>
> >> >> But lets wait and see how they are signing the xrd files (the way the
> >> >> openxri server does it (per the standard), or "otherwise"). The
> >> validity
> >> >> logic for verifying that signature will tell us what class of trust
> >> >> semantics they are working towards: google as ttp for attribute
> >> sharing,
> >> >> or
> >> >> uci.
> >> >>
> >> >> ________________________________
> >> >> From: Andrew Arnott <andrewarnott at gmail.com>
> >> >> Sent: Thursday, July 09, 2009 8:30 PM
> >> >> To: Peter Williams <pwilliams at rapattoni.com>
> >> >> Cc: Eric Sachs <esachs at google.com>; general at openid.net
> >> >> <general at openid.net>;
> >> >> Paul Johnston <paj at pajhome.org.uk>
> >> >> Subject: Re: [OpenID] What is my Google OpenID URL?
> >> >>
> >> >> Wow.  I'm going to have to use that tinyurl everywhere now. :-p
> >> >>
> >> >> --
> >> >> Andrew Arnott
> >> >> "I [may] not agree with what you have to say, but I'll defend to the
> >> >> death
> >> >> your right to say it." - S. G. Tallentyre
> >> >>
> >> >>
> >> >> On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams
> >> <pwilliams at rapattoni.com
> >> >> <mailto:pwilliams at rapattoni.com>> wrote:
> >> >> come  on google, it takes you 10s to have a redirector URL
> >> >> (op.google.com<
> >> >> http://op.google.com>, perhaps?) redirect to the
> >> >> https://www.google.com/accounts/o8/id. Conforming RPs are require to
> >> >> follow the redirect, before detecting that the XRD at that address is
> >> an
> >> >> law#4-capable OP, vs a user.
> >> >>
> >> >>
> >> >> http://tinyurl.com/googop now produces
> >> >> <?xml version="1.0" encoding="UTF-8" ?>
> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
> >> <xrds:XRDS
> >> >> xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <XRD>
> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
> >> <Service
> >> >> priority="0">
> >> >>  <Type>http://specs.openid.net/auth/2.0/server</Type>
> >> >>  <Type>http://openid.net/srv/ax/1.0</Type>
> >> >>  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
> >> >>  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
> >> >>  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
> >> >>  <URI>https://www.google.com/accounts/o8/ud</URI>
> >> >>  </Service>
> >> >>  </XRD>
> >> >>
> >> >> im sure google can do better than tinyurl.com<http://tinyurl.com>!
> >> >>
> >> >> How about op.google.com<http://op.google.com>?!
> >> >>
> >> >> ________________________________
> >> >> From: general-bounces at openid.net<mailto:general-bounces at openid.net>
> [
> >> >> general-bounces at openid.net<mailto:general-bounces at openid.net>] On
> >> Behalf
> >> >> Of Andrew Arnott [andrewarnott at gmail.com<mailto:
> andrewarnott at gmail.com
> >> >]
> >> >> Sent: Thursday, July 09, 2009 7:16 PM
> >> >> To: Eric Sachs
> >> >> Cc: general at openid.net<mailto:general at openid.net>; Paul Johnston
> >> >> Subject: Re: [OpenID] What is my Google OpenID URL?
> >> >>
> >> >> Note that using your Blogger blog URL is not equivalent to using
> >> >> https://www.google.com/accounts/o8/id.  Besides the user interface
> of
> >> the
> >> >> login experience being completely different, Blogger's Provider is
> >> only
> >> >> an
> >> >> OpenID 1.1 provider, whereas Google's
> >> >> https://www.google.com/accounts/o8/id OpenID Provider is a more
> secure
> >> >> OpenID 2.0 provider.
> >> >>
> >> >> --
> >> >> Andrew Arnott
> >> >> "I [may] not agree with what you have to say, but I'll defend to the
> >> >> death
> >> >> your right to say it." - S. G. Tallentyre
> >> >>
> >> >>
> >> >> On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <esachs at google.com
> <mailto:
> >> >>
> >> esachs at google.com><mailto:esachs at google.com<mailto:esachs at google.com>>>
> >> >> wrote:
> >> >> If you create a blog on Google's blogger service, then you can type
> >> the
> >> >> name of that blog into OpenID login boxes.
> >> >>
> >> >> If you are willing to be really geeky, type in
> >> >> https://www.google.com/accounts/o8/id.  That points to the generic
> >> Google
> >> >> identity provider, and you will be redirected back with an opaque
> >> >> identifier.  But we don't actually expect anyone to know to do that
> >> which
> >> >> is
> >> >> why a lot of OpenID relying parties are supporting other user
> >> interfaces
> >> >> with buttons for Google.  For example, see
> >> >> http://uservoice.com/session/new
> >> >>
> >> >> Similarly a lot of blogs allow you to comment and identify you with
> an
> >> >> OpenID URL, and while you can try one of the tricks above, many of
> the
> >> >> blog
> >> >> commenting interfaces also include buttons (or the NASCAR style UI as
> >> the
> >> >> community likes to call it) to help users navigate their way through.
> >> >>
> >> >> On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston
> >> >> <paj at pajhome.org.uk<mailto:
> >> >>
> >> paj at pajhome.org.uk><mailto:paj at pajhome.org.uk<mailto:paj at pajhome.org.uk
> >> >>>
> >> >> wrote:
> >> >> Hi,
> >> >>
> >> >> I'm sorry for asking such an obvious question, but after considerable
> >> >> time spent searching for this I am unable to figure this out.
> >> >>
> >> >> My google account name is paul.paj. I would like to login to
> >> >> bitbucket.org<http://bitbucket.org><http://bitbucket.org> using
> >> OpenID.
> >> >> How do I do it?
> >> >>
> >> >> Paul
> >> >> _______________________________________________
> >> >> general mailing list
> >> >>
> >> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
> >> >> <mailto:general at openid.net>>
> >> >> http://openid.net/mailman/listinfo/general
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> general mailing list
> >> >>
> >> general at openid.net<mailto:general at openid.net><mailto:general at openid.net
> >> >> <mailto:general at openid.net>>
> >> >> http://openid.net/mailman/listinfo/general
> >> >>
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> general mailing list
> >> >> general at openid.net
> >> >> http://openid.net/mailman/listinfo/general
> >> >>
> >> >
> >> > _______________________________________________
> >> > general mailing list
> >> > general at openid.net
> >> > http://openid.net/mailman/listinfo/general
> >> >
> >> >
> >>
> >>
> >> -----
> >>
> >> Santosh Rajan
> >> http://santrajan.blogspot.com http://santrajan.blogspot.com
> >> --
> >> View this message in context:
> >> http://www.nabble.com/Google-custom-discovery-tp24431509p24431923.html
> >> Sent from the OpenID - General mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >>
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> >
>
>
> -----
>
> Santosh Rajan
> http://santrajan.blogspot.com http://santrajan.blogspot.com
> --
> View this message in context:
> http://www.nabble.com/Google-custom-discovery-tp24431509p24432348.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>

-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090710/2bf198e3/attachment.htm>