[OpenID] Google custom discovery

Breno de Medeiros breno at google.com
Fri Jul 10 18:21:36 UTC 2009 

Actually, the better link is:
http://www.abstractioneer.org/2009/04/personal-web-discovery.html

and the linked posts in hueniverse.org

On Fri, Jul 10, 2009 at 11:20 AM, Breno de Medeiros <breno at google.com>wrote:

> There is already a proposal for this called webfinger:
> http://www.abstractioneer.org/
>
> It leverages the LRDD proposal to provide a generic mechanism for email
> addresses, xmpp addresses, etc.
>
>
> On Fri, Jul 10, 2009 at 11:16 AM, Santosh Rajan <santrajan at gmail.com>wrote:
>
>>
>> It could be the gmail username, and google profile usernames they dont
>> clash.
>> Problem is only for Google employees who have google.com email addresses.
>> :)
>>
>> Eric Sachs wrote:
>> >
>> > Only a subset of GoogleProfile users register a username, but yes, for
>> > those
>> > users that is the common request we get.
>> >
>> > On Fri, Jul 10, 2009 at 10:46 AM, Santosh Rajan <santrajan at gmail.com>
>> > wrote:
>> >
>> >>
>> >> Actually why dont you do discovery on
>> >> http://google.com/username
>> >> You can do that without clashing with your google.com namespace by
>> only
>> >> responding to "Accept" header request with "application/XRD". That
>> would
>> >> really make a killer OpenID.
>> >>
>> >>
>> >> Eric Sachs wrote:
>> >> >
>> >> > The feature in this area that we get more requests for is to support
>> >> > OpenID
>> >> > validation for the relatively new Google Profiles service, i.e.
>> >> > profiles.google.com, which is also a more memorable endpoint for
>> users
>> >> to
>> >> > type :-).  That support is not yet available, but its definitely on
>> the
>> >> > list.
>> >> > On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams
>> >> > <pwilliams at rapattoni.com>wrote:
>> >> >
>> >> >> Lets hope it prompts google to do much better: http://op.
>> google.com:
>> >> >> forming the eminently typable "op.google.com".
>> >> >>
>> >> >> They might even have that redirect to http://google.com/op which
>> they
>> >> >> might make an xri mount point to the I-brokered authority that
>> serves
>> >> the
>> >> >> op
>> >> >> xrd/s. If their op is a real xri-labelled authority, a ref field in
>> >> the
>> >> >> sep
>> >> >> can even properly provide for delgated authorization of xrd files by
>> >> user
>> >> >> authorities (which openid auth hacks up as openid delegation, when
>> >> >> abusing
>> >> >> the semantics of the op local id field per jonny bufu's recent
>> >> message).
>> >> >>
>> >> >> I dont think its hard to meet professional security engineering
>> >> standards
>> >> >> within openid: just be complete about xri semantics (even when using
>> >> http
>> >> >> identifiers). We dont need custom extensions for discovery,
>> >> particularly
>> >> >> if
>> >> >> they project idp-centric vs user centric identity models.
>> >> >>
>> >> >> But lets wait and see how they are signing the xrd files (the way
>> the
>> >> >> openxri server does it (per the standard), or "otherwise"). The
>> >> validity
>> >> >> logic for verifying that signature will tell us what class of trust
>> >> >> semantics they are working towards: google as ttp for attribute
>> >> sharing,
>> >> >> or
>> >> >> uci.
>> >> >>
>> >> >> ________________________________
>> >> >> From: Andrew Arnott <andrewarnott at gmail.com>
>> >> >> Sent: Thursday, July 09, 2009 8:30 PM
>> >> >> To: Peter Williams <pwilliams at rapattoni.com>
>> >> >> Cc: Eric Sachs <esachs at google.com>; general at openid.net
>> >> >> <general at openid.net>;
>> >> >> Paul Johnston <paj at pajhome.org.uk>
>> >> >> Subject: Re: [OpenID] What is my Google OpenID URL?
>> >> >>
>> >> >> Wow.  I'm going to have to use that tinyurl everywhere now. :-p
>> >> >>
>> >> >> --
>> >> >> Andrew Arnott
>> >> >> "I [may] not agree with what you have to say, but I'll defend to the
>> >> >> death
>> >> >> your right to say it." - S. G. Tallentyre
>> >> >>
>> >> >>
>> >> >> On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams
>> >> <pwilliams at rapattoni.com
>> >> >> <mailto:pwilliams at rapattoni.com>> wrote:
>> >> >> come  on google, it takes you 10s to have a redirector URL
>> >> >> (op.google.com<
>> >> >> http://op.google.com>, perhaps?) redirect to the
>> >> >> https://www.google.com/accounts/o8/id. Conforming RPs are require
>> to
>> >> >> follow the redirect, before detecting that the XRD at that address
>> is
>> >> an
>> >> >> law#4-capable OP, vs a user.
>> >> >>
>> >> >>
>> >> >> http://tinyurl.com/googop now produces
>> >> >> <?xml version="1.0" encoding="UTF-8" ?>
>> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>> >> <xrds:XRDS
>> >> >> xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
>> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#> <XRD>
>> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>> >> <Service
>> >> >> priority="0">
>> >> >>  <Type>http://specs.openid.net/auth/2.0/server</Type>
>> >> >>  <Type>http://openid.net/srv/ax/1.0</Type>
>> >> >>  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
>> >> >>  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
>> >> >>  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
>> >> >>  <URI>https://www.google.com/accounts/o8/ud</URI>
>> >> >>  </Service>
>> >> >>  </XRD>
>> >> >>
>> >> >> im sure google can do better than tinyurl.com<http://tinyurl.com>!
>> >> >>
>> >> >> How about op.google.com<http://op.google.com>?!
>> >> >>
>> >> >> ________________________________
>> >> >> From: general-bounces at openid.net<mailto:general-bounces at openid.net>
>> [
>> >> >> general-bounces at openid.net<mailto:general-bounces at openid.net>] On
>> >> Behalf
>> >> >> Of Andrew Arnott [andrewarnott at gmail.com<mailto:
>> andrewarnott at gmail.com
>> >> >]
>> >> >> Sent: Thursday, July 09, 2009 7:16 PM
>> >> >> To: Eric Sachs
>> >> >> Cc: general at openid.net<mailto:general at openid.net>; Paul Johnston
>> >> >> Subject: Re: [OpenID] What is my Google OpenID URL?
>> >> >>
>> >> >> Note that using your Blogger blog URL is not equivalent to using
>> >> >> https://www.google.com/accounts/o8/id.  Besides the user interface
>> of
>> >> the
>> >> >> login experience being completely different, Blogger's Provider is
>> >> only
>> >> >> an
>> >> >> OpenID 1.1 provider, whereas Google's
>> >> >> https://www.google.com/accounts/o8/id OpenID Provider is a more
>> secure
>> >> >> OpenID 2.0 provider.
>> >> >>
>> >> >> --
>> >> >> Andrew Arnott
>> >> >> "I [may] not agree with what you have to say, but I'll defend to the
>> >> >> death
>> >> >> your right to say it." - S. G. Tallentyre
>> >> >>
>> >> >>
>> >> >> On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <esachs at google.com
>> <mailto:
>> >> >>
>> >> esachs at google.com><mailto:esachs at google.com<mailto:esachs at google.com
>> >>>
>> >> >> wrote:
>> >> >> If you create a blog on Google's blogger service, then you can type
>> >> the
>> >> >> name of that blog into OpenID login boxes.
>> >> >>
>> >> >> If you are willing to be really geeky, type in
>> >> >> https://www.google.com/accounts/o8/id.  That points to the generic
>> >> Google
>> >> >> identity provider, and you will be redirected back with an opaque
>> >> >> identifier.  But we don't actually expect anyone to know to do that
>> >> which
>> >> >> is
>> >> >> why a lot of OpenID relying parties are supporting other user
>> >> interfaces
>> >> >> with buttons for Google.  For example, see
>> >> >> http://uservoice.com/session/new
>> >> >>
>> >> >> Similarly a lot of blogs allow you to comment and identify you with
>> an
>> >> >> OpenID URL, and while you can try one of the tricks above, many of
>> the
>> >> >> blog
>> >> >> commenting interfaces also include buttons (or the NASCAR style UI
>> as
>> >> the
>> >> >> community likes to call it) to help users navigate their way
>> through.
>> >> >>
>> >> >> On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston
>> >> >> <paj at pajhome.org.uk<mailto:
>> >> >>
>> >> paj at pajhome.org.uk><mailto:paj at pajhome.org.uk<mailto:
>> paj at pajhome.org.uk
>> >> >>>
>> >> >> wrote:
>> >> >> Hi,
>> >> >>
>> >> >> I'm sorry for asking such an obvious question, but after
>> considerable
>> >> >> time spent searching for this I am unable to figure this out.
>> >> >>
>> >> >> My google account name is paul.paj. I would like to login to
>> >> >> bitbucket.org<http://bitbucket.org><http://bitbucket.org> using
>> >> OpenID.
>> >> >> How do I do it?
>> >> >>
>> >> >> Paul
>> >> >> _______________________________________________
>> >> >> general mailing list
>> >> >>
>> >> general at openid.net<mailto:general at openid.net><mailto:
>> general at openid.net
>> >> >> <mailto:general at openid.net>>
>> >> >> http://openid.net/mailman/listinfo/general
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> general mailing list
>> >> >>
>> >> general at openid.net<mailto:general at openid.net><mailto:
>> general at openid.net
>> >> >> <mailto:general at openid.net>>
>> >> >> http://openid.net/mailman/listinfo/general
>> >> >>
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> general mailing list
>> >> >> general at openid.net
>> >> >> http://openid.net/mailman/listinfo/general
>> >> >>
>> >> >
>> >> > _______________________________________________
>> >> > general mailing list
>> >> > general at openid.net
>> >> > http://openid.net/mailman/listinfo/general
>> >> >
>> >> >
>> >>
>> >>
>> >> -----
>> >>
>> >> Santosh Rajan
>> >> http://santrajan.blogspot.com http://santrajan.blogspot.com
>> >> --
>> >> View this message in context:
>> >> http://www.nabble.com/Google-custom-discovery-tp24431509p24431923.html
>> >> Sent from the OpenID - General mailing list archive at Nabble.com.
>> >>
>> >> _______________________________________________
>> >> general mailing list
>> >> general at openid.net
>> >> http://openid.net/mailman/listinfo/general
>> >>
>> >
>> > _______________________________________________
>> > general mailing list
>> > general at openid.net
>> > http://openid.net/mailman/listinfo/general
>> >
>> >
>>
>>
>> -----
>>
>> Santosh Rajan
>> http://santrajan.blogspot.com http://santrajan.blogspot.com
>> --
>> View this message in context:
>> http://www.nabble.com/Google-custom-discovery-tp24431509p24432348.html
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
>
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
>



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090710/e8bfa9d7/attachment.htm>

More information about the general mailing list