[OpenID] Facebook support for OpenID. Where?
John Panzer
jpanzer at acm.org
Wed May 20 06:02:37 UTC 2009
On Tue, May 19, 2009 at 8:31 PM, Peter Williams <pwilliams at rapattoni.com> wrote:
> The property of being unable to leverage openid until logged into
> something else first goes back at least to Blogger. My own speculation was
> that it was making up the lack of standard trust model (which implies you
> impose your own), so legal terms could be imposed. Large brands cannot
> operate with that being clear to the corporate counsel...
>
> I initially had the same expectation as I think you do (which aligns with SAML2
> websso standard): that you visit a resource, it fails to note a local
> session, so goes to its session translator service - that pings some or other
> OP after discovery. If you don't have an OP session, you go through the user
> auth experience to get one, perhaps influenced by the RP's statement of
> requirements. Thereafter, session translation occurs, along with attribute
> transfer. (In the MSFT variant, audience permissions go along with each
> attribute - which the RP may need to help to translate into its local
> permission logic.)
>
> But this was not blogger RP.
>
> Going to a blogger site, to leave an authenticated comment, one first HAD
> to logon to a Google proprietary account, in order to be able to then even
> discover and thence ping an OP...which would help you leave an
> OP-authenticated comment on the blogger site (once you authenticated to it).
Peter, this bit is simply not true at all. Please see
http://openid.net/pipermail/general/2008-March/004483.html where we hashed
this out; I could not reproduce your problems then and I still can't. Nor
can, as far as I can tell, anybody else.

Just to be clear: Blogger does not require login with a Google account in
order to perform OP discovery. That would be silly.