[OpenID] Openidsamplestore
Johannes Ernst
jernst+openid.net at netmesh.us
Mon Jan 24 04:33:00 UTC 2011
As follow-up: I'm surprised that the redirection-to-IDP uses identifier-select as the identifier, instead of the Google profile URL. The latter is known because as a client, I can follow gmail.com/.well-known/host-meta and then to http://www.google.com/s2/webfinger/?q=Johannes.Ernst@gmail.com.
Then on the return leg, it uses a pairwise identifier. What's the point for that? It seems the user specifically said they would want to be known with their global identifier when entering Johannes.Ernst at gmail.com...
On Jan 23, 2011, at 17:57, Johannes Ernst wrote:
>> On Jan 23, 2011, at 16:57, Chris Messina wrote:
>>
>>> ... but we'll get there!
>
> Is that a promise? ;-)
>
> So this is what I'd like to see -- my requirements if you wish. I'll use Google identifiers for illustration:
>
> 1. At RP's login prompt, use either
> a. e-mail address (example at gmail.com), or
> b. http url (profiles.google.com/example -- or whatever the canonical form is these days)
>
> 2. I get redirected to Google, where I get the approval dialog form. This means:
> a. If I'm logged into the (sole) Google account "example", I get a password-less confirmation dialog for "example"
> b. If I'm logged into multiple Google accounts, among them "example", I get a password-less confirmation dialog for "example" AND the ability to change accounts before I click "confirm"
> c. If I'm logged into a Google account other than "example", I get the login/password dialog for "example", with the ability to log into a different account instead.
>
> Curiously, what I'm asking for already partially works:
> - if I use profiles.google.com/example as OpenID URL and I'm logged into a different account, it will ask me, in very small letters, but nevertheless, whether I want to log in using a different account
> - it won't do that when I use an e-mail address because it discards, as we discovered, the user part of the address
> - the most recent Yahoo-as-RP integration seems to also have a button for that purpose
>
> Does this make sense?
>
> Cheers,
>
>
>
> Johannes.
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
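
The two request forms contrasted in the message above (identifier_select versus sending the discovered identifier) and the comparison an RP can make on the return leg, as an added example that is not part of the original post or of any OpenID library. The function names, the `op.example` and `rp.example` URLs and the sample assertions are constructed for illustration; the parameter names and the identifier_select URI are those of OpenID Authentication 2.0.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

OPENID_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID_NS + "/identifier_select"

def build_auth_request(op_endpoint, return_to, realm, claimed_id=None):
    """Build an OpenID 2.0 checkid_setup redirect URL.

    claimed_id=None sends identifier_select, leaving the choice of
    identifier to the OP; otherwise the discovered identifier is sent.
    """
    ident = claimed_id or IDENTIFIER_SELECT
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": ident,
        "openid.identity": ident,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if "?" in op_endpoint else "?"
    return op_endpoint + sep + urlencode(params)

def classify_return(requested_claimed_id, response_url):
    """Compare the identifier asserted on the return leg with the request.

    Assumes the assertion's signature, nonce and return_to were already
    verified; this only looks at which identifier came back.
    """
    q = parse_qs(urlsplit(response_url).query)
    if q.get("openid.mode", [""])[0] != "id_res":
        return "no-assertion"
    asserted = q.get("openid.claimed_id", [""])[0]
    if requested_claimed_id is None:
        # identifier_select: whatever the OP chose (possibly a per-realm,
        # pairwise URL) is the only identifier the RP ever sees.
        return "op-selected:" + asserted
    if asserted == requested_claimed_id:
        return "same-identifier"
    return "different-identifier:" + asserted

# Constructed values; op.example and rp.example are placeholders.
OP = "https://op.example/auth"
RP_RETURN = "https://rp.example/openid/return"
PROFILE = "https://op.example/profile/example"
PAIRWISE = "https://op.example/id?id=opaque-for-rp.example"

def sample_return(claimed_id):
    """Constructed positive assertion as it would arrive at return_to."""
    return RP_RETURN + "?" + urlencode({
        "openid.ns": OPENID_NS, "openid.mode": "id_res",
        "openid.claimed_id": claimed_id, "openid.identity": claimed_id})
```
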