[OpenID] Google custom discovery

Santosh Rajan santrajan at gmail.com
Sat Jul 11 02:35:25 UTC 2009 

Short of pimping something I have started off here, Why didnt Google go for
something like this?
http://wiki.openid.net/OpenID-discovery-for-Email-Like-identifiers
http://wiki.openid.net/OpenID-discovery-for-Email-Like-identifiers 

This would have avoided XRDS and would have been more in line with the
current work done.


Breno de Medeiros wrote:
> 
> Actually, the better link is:
> http://www.abstractioneer.org/2009/04/personal-web-discovery.html
> 
> and the linked posts in hueniverse.org
> 
> On Fri, Jul 10, 2009 at 11:20 AM, Breno de Medeiros
> <breno at google.com>wrote:
> 
>> There is already a proposal for this called webfinger:
>> http://www.abstractioneer.org/
>>
>> It leverages the LRDD proposal to provide a generic mechanism for email
>> addresses, xmpp addresses, etc.
>>
>>
>> On Fri, Jul 10, 2009 at 11:16 AM, Santosh Rajan
>> <santrajan at gmail.com>wrote:
>>
>>>
>>> It could be the gmail username, and google profile usernames they dont
>>> clash.
>>> Problem is only for Google employees who have google.com email
>>> addresses.
>>> :)
>>>
>>> Eric Sachs wrote:
>>> >
>>> > Only a subset of GoogleProfile users register a username, but yes, for
>>> > those
>>> > users that is the common request we get.
>>> >
>>> > On Fri, Jul 10, 2009 at 10:46 AM, Santosh Rajan <santrajan at gmail.com>
>>> > wrote:
>>> >
>>> >>
>>> >> Actually why dont you do discovery on
>>> >> http://google.com/username
>>> >> You can do that without clashing with your google.com namespace by
>>> only
>>> >> responding to "Accept" header request with "application/XRD". That
>>> would
>>> >> really make a killer OpenID.
>>> >>
>>> >>
>>> >> Eric Sachs wrote:
>>> >> >
>>> >> > The feature in this area that we get more requests for is to
>>> support
>>> >> > OpenID
>>> >> > validation for the relatively new Google Profiles service, i.e.
>>> >> > profiles.google.com, which is also a more memorable endpoint for
>>> users
>>> >> to
>>> >> > type :-).  That support is not yet available, but its definitely on
>>> the
>>> >> > list.
>>> >> > On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams
>>> >> > <pwilliams at rapattoni.com>wrote:
>>> >> >
>>> >> >> Lets hope it prompts google to do much better: http://op.
>>> google.com:
>>> >> >> forming the eminently typable "op.google.com".
>>> >> >>
>>> >> >> They might even have that redirect to http://google.com/op which
>>> they
>>> >> >> might make an xri mount point to the I-brokered authority that
>>> serves
>>> >> the
>>> >> >> op
>>> >> >> xrd/s. If their op is a real xri-labelled authority, a ref field
>>> in
>>> >> the
>>> >> >> sep
>>> >> >> can even properly provide for delgated authorization of xrd files
>>> by
>>> >> user
>>> >> >> authorities (which openid auth hacks up as openid delegation, when
>>> >> >> abusing
>>> >> >> the semantics of the op local id field per jonny bufu's recent
>>> >> message).
>>> >> >>
>>> >> >> I dont think its hard to meet professional security engineering
>>> >> standards
>>> >> >> within openid: just be complete about xri semantics (even when
>>> using
>>> >> http
>>> >> >> identifiers). We dont need custom extensions for discovery,
>>> >> particularly
>>> >> >> if
>>> >> >> they project idp-centric vs user centric identity models.
>>> >> >>
>>> >> >> But lets wait and see how they are signing the xrd files (the way
>>> the
>>> >> >> openxri server does it (per the standard), or "otherwise"). The
>>> >> validity
>>> >> >> logic for verifying that signature will tell us what class of
>>> trust
>>> >> >> semantics they are working towards: google as ttp for attribute
>>> >> sharing,
>>> >> >> or
>>> >> >> uci.
>>> >> >>
>>> >> >> ________________________________
>>> >> >> From: Andrew Arnott <andrewarnott at gmail.com>
>>> >> >> Sent: Thursday, July 09, 2009 8:30 PM
>>> >> >> To: Peter Williams <pwilliams at rapattoni.com>
>>> >> >> Cc: Eric Sachs <esachs at google.com>; general at openid.net
>>> >> >> <general at openid.net>;
>>> >> >> Paul Johnston <paj at pajhome.org.uk>
>>> >> >> Subject: Re: [OpenID] What is my Google OpenID URL?
>>> >> >>
>>> >> >> Wow.  I'm going to have to use that tinyurl everywhere now. :-p
>>> >> >>
>>> >> >> --
>>> >> >> Andrew Arnott
>>> >> >> "I [may] not agree with what you have to say, but I'll defend to
>>> the
>>> >> >> death
>>> >> >> your right to say it." - S. G. Tallentyre
>>> >> >>
>>> >> >>
>>> >> >> On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams
>>> >> <pwilliams at rapattoni.com
>>> >> >> <mailto:pwilliams at rapattoni.com>> wrote:
>>> >> >> come  on google, it takes you 10s to have a redirector URL
>>> >> >> (op.google.com<
>>> >> >> http://op.google.com>, perhaps?) redirect to the
>>> >> >> https://www.google.com/accounts/o8/id. Conforming RPs are require
>>> to
>>> >> >> follow the redirect, before detecting that the XRD at that address
>>> is
>>> >> an
>>> >> >> law#4-capable OP, vs a user.
>>> >> >>
>>> >> >>
>>> >> >> http://tinyurl.com/googop now produces
>>> >> >> <?xml version="1.0" encoding="UTF-8" ?>
>>> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>>> >> <xrds:XRDS
>>> >> >> xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
>>> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>>> <XRD>
>>> >> >> -<file:///C:/Documents%20and%20Settings/peter/Desktop/id.xml#>
>>> >> <Service
>>> >> >> priority="0">
>>> >> >>  <Type>http://specs.openid.net/auth/2.0/server</Type>
>>> >> >>  <Type>http://openid.net/srv/ax/1.0</Type>
>>> >> >>  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
>>> >> >>  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
>>> >> >>  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
>>> >> >>  <URI>https://www.google.com/accounts/o8/ud</URI>
>>> >> >>  </Service>
>>> >> >>  </XRD>
>>> >> >>
>>> >> >> im sure google can do better than tinyurl.com<http://tinyurl.com>!
>>> >> >>
>>> >> >> How about op.google.com<http://op.google.com>?!
>>> >> >>
>>> >> >> ________________________________
>>> >> >> From:
>>> general-bounces at openid.net<mailto:general-bounces at openid.net>
>>> [
>>> >> >> general-bounces at openid.net<mailto:general-bounces at openid.net>] On
>>> >> Behalf
>>> >> >> Of Andrew Arnott [andrewarnott at gmail.com<mailto:
>>> andrewarnott at gmail.com
>>> >> >]
>>> >> >> Sent: Thursday, July 09, 2009 7:16 PM
>>> >> >> To: Eric Sachs
>>> >> >> Cc: general at openid.net<mailto:general at openid.net>; Paul Johnston
>>> >> >> Subject: Re: [OpenID] What is my Google OpenID URL?
>>> >> >>
>>> >> >> Note that using your Blogger blog URL is not equivalent to using
>>> >> >> https://www.google.com/accounts/o8/id.  Besides the user interface
>>> of
>>> >> the
>>> >> >> login experience being completely different, Blogger's Provider is
>>> >> only
>>> >> >> an
>>> >> >> OpenID 1.1 provider, whereas Google's
>>> >> >> https://www.google.com/accounts/o8/id OpenID Provider is a more
>>> secure
>>> >> >> OpenID 2.0 provider.
>>> >> >>
>>> >> >> --
>>> >> >> Andrew Arnott
>>> >> >> "I [may] not agree with what you have to say, but I'll defend to
>>> the
>>> >> >> death
>>> >> >> your right to say it." - S. G. Tallentyre
>>> >> >>
>>> >> >>
>>> >> >> On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <esachs at google.com
>>> <mailto:
>>> >> >>
>>> >> esachs at google.com><mailto:esachs at google.com<mailto:esachs at google.com
>>> >>>
>>> >> >> wrote:
>>> >> >> If you create a blog on Google's blogger service, then you can
>>> type
>>> >> the
>>> >> >> name of that blog into OpenID login boxes.
>>> >> >>
>>> >> >> If you are willing to be really geeky, type in
>>> >> >> https://www.google.com/accounts/o8/id.  That points to the generic
>>> >> Google
>>> >> >> identity provider, and you will be redirected back with an opaque
>>> >> >> identifier.  But we don't actually expect anyone to know to do
>>> that
>>> >> which
>>> >> >> is
>>> >> >> why a lot of OpenID relying parties are supporting other user
>>> >> interfaces
>>> >> >> with buttons for Google.  For example, see
>>> >> >> http://uservoice.com/session/new
>>> >> >>
>>> >> >> Similarly a lot of blogs allow you to comment and identify you
>>> with
>>> an
>>> >> >> OpenID URL, and while you can try one of the tricks above, many of
>>> the
>>> >> >> blog
>>> >> >> commenting interfaces also include buttons (or the NASCAR style UI
>>> as
>>> >> the
>>> >> >> community likes to call it) to help users navigate their way
>>> through.
>>> >> >>
>>> >> >> On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston
>>> >> >> <paj at pajhome.org.uk<mailto:
>>> >> >>
>>> >> paj at pajhome.org.uk><mailto:paj at pajhome.org.uk<mailto:
>>> paj at pajhome.org.uk
>>> >> >>>
>>> >> >> wrote:
>>> >> >> Hi,
>>> >> >>
>>> >> >> I'm sorry for asking such an obvious question, but after
>>> considerable
>>> >> >> time spent searching for this I am unable to figure this out.
>>> >> >>
>>> >> >> My google account name is paul.paj. I would like to login to
>>> >> >> bitbucket.org<http://bitbucket.org><http://bitbucket.org> using
>>> >> OpenID.
>>> >> >> How do I do it?
>>> >> >>
>>> >> >> Paul
>>> >> >> _______________________________________________
>>> >> >> general mailing list
>>> >> >>
>>> >> general at openid.net<mailto:general at openid.net><mailto:
>>> general at openid.net
>>> >> >> <mailto:general at openid.net>>
>>> >> >> http://openid.net/mailman/listinfo/general
>>> >> >>
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> general mailing list
>>> >> >>
>>> >> general at openid.net<mailto:general at openid.net><mailto:
>>> general at openid.net
>>> >> >> <mailto:general at openid.net>>
>>> >> >> http://openid.net/mailman/listinfo/general
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> general mailing list
>>> >> >> general at openid.net
>>> >> >> http://openid.net/mailman/listinfo/general
>>> >> >>
>>> >> >
>>> >> > _______________________________________________
>>> >> > general mailing list
>>> >> > general at openid.net
>>> >> > http://openid.net/mailman/listinfo/general
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >> -----
>>> >>
>>> >> Santosh Rajan
>>> >> http://santrajan.blogspot.com http://santrajan.blogspot.com
>>> >> --
>>> >> View this message in context:
>>> >>
>>> http://www.nabble.com/Google-custom-discovery-tp24431509p24431923.html
>>> >> Sent from the OpenID - General mailing list archive at Nabble.com.
>>> >>
>>> >> _______________________________________________
>>> >> general mailing list
>>> >> general at openid.net
>>> >> http://openid.net/mailman/listinfo/general
>>> >>
>>> >
>>> > _______________________________________________
>>> > general mailing list
>>> > general at openid.net
>>> > http://openid.net/mailman/listinfo/general
>>> >
>>> >
>>>
>>>
>>> -----
>>>
>>> Santosh Rajan
>>> http://santrajan.blogspot.com http://santrajan.blogspot.com
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Google-custom-discovery-tp24431509p24432348.html
>>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>
>>
>>
>> --
>> --Breno
>>
>> +1 (650) 214-1007 desk
>> +1 (408) 212-0135 (Grand Central)
>> MTV-41-3 : 383-A
>> PST (GMT-8) / PDT(GMT-7)
>>
> 
> 
> 
> -- 
> --Breno
> 
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 


-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/Google-custom-discovery-tp24431509p24436735.html
Sent from the OpenID - General mailing list archive at Nabble.com.

More information about the general mailing list