No subject
Wed May 20 00:45:31 UTC 2009
I do for OpenID users when they need a password?" question. It also means
that these UIs code be used to generate OAuth tokens where the consumer key
is the user's OpenID (or some normalized version of it) and the secret is
some randomly generated string.
Chris
--
Chris Messina
Open Web Advocate
Website: http://factoryjoe.com
Blog: http://factoryjoe.com/blog
Twitter: http://twitter.com/chrismessina
Diso Project: http://diso-project.org
OpenID Foundation: http://openid.net
This email is: [ ] bloggable [X] ask first [ ] private
--0016e64601d04c8687046b5fff18
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div class=3D"gmail_quote">On Mon, Jun 1, 2009 at 11:03 PM, Ben Laurie <spa=
n dir=3D"ltr"><<a href=3D"mailto:benl at google.com">benl at google.com</a>>=
;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class=3D"im">On Mon, Jun 1, 2009 at 10:22 PM, Chris Messina <<a hre=
f=3D"mailto:chris.messina at gmail.com">chris.messina at gmail.com</a>> wrote:=
<br><br>
> And, FWIW, Google Code and Basecamp both provide a decent solution for=
<br>
> dealing with OpenID users in cases with browser-less situations like t=
he<br>
> command-line... by providing a revokable/resettable secret that can be=
used<br>
> in combination with one's OpenID to perform CLI authentication w/o=
creating<br>
> a new username.<br>
<br>
</div>I don't think Google Code does ... but clearly it could, using th=
e<br>
mechanism it currently uses for generating passwords. That is, as you<br>
say, a resettable random string, which could be used as an unguessable<br>
user ID instead of as a password. Alternatively, if we used email<br>
addresses as IDs, their email address could be their user id and<br>
OpenID used to generate the password, much as Google Code does today.<br>
Just saying.</blockquote><div><br></div><div>I should have been more clear.=
</div><div><br></div><div>Google Code DOES NOT yet support OpenID, but it d=
oes provide a "GoogleCode.com password" that is used as an altern=
ative to your Google password in order to interact with its system:</div>
<div><br></div><div><a href=3D"http://www.flickr.com/photos/factoryjoe/3588=
867545/">http://www.flickr.com/photos/factoryjoe/3588867545/</a></div><div>=
<br></div><div>Basecamp, meanwhile, provides the user with a separate usern=
ame and password for accessing a project's RSS feed, meaning that these=
credentials can be reset if they are compromised, or better, in the case o=
f shared workspaces, invalidated if someone leaves a project:</div>
<div><br></div><div><a href=3D"http://www.flickr.com/photos/factoryjoe/2723=
687290/">http://www.flickr.com/photos/factoryjoe/2723687290/</a>=A0</div><d=
iv><br></div><div>From a UI perspective at least, these two approaches solv=
e the "well what do I do for OpenID users when they need a password?&q=
uot; question. It also means that these UIs code be used to generate OAuth =
tokens where the consumer key is the user's OpenID (or some normalized =
version of it) and the secret is some randomly generated string.</div>
<div><br></div><div>Chris</div></div><br>-- <br>Chris Messina<br>Open Web A=
dvocate<br><br>Website: <a href=3D"http://factoryjoe.com">http://factoryjoe=
.com</a><br>Blog: <a href=3D"http://factoryjoe.com/blog">http://factoryjoe.=
com/blog</a><br>
Twitter: <a href=3D"http://twitter.com/chrismessina">http://twitter.com/chr=
ismessina</a><br><br>Diso Project: <a href=3D"http://diso-project.org">http=
://diso-project.org</a><br>OpenID Foundation: <a href=3D"http://openid.net"=
>http://openid.net</a><br>
<br>This email is: =A0 [ ] bloggable =A0 =A0[X] ask first =A0 [ ] private<b=
r>
--0016e64601d04c8687046b5fff18--
More information about the general
mailing list