[OpenID] One-Click OpenID: A Solution to the NASCAR Problem

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Wed Feb 15 08:35:13 UTC 2012 

I propose to add some id-related functionality to the window object and have blogged about it here:
http://ignisvulpis.blogspot.com/2011/03/all-those-nascars.html and some other posts around that time.

The basic idea is to add some code like this  to the RP’s pages:

function onLoad() {
  if (window.openid) {

    window.openid.getPreferredOpenidProvider(callback);
  } else {
    // show the NASCAR or whatever
  }
}

The acceptable Idp could be a parameter to the getPreferredOpenidProvider method but most OC accept any OpenID anyway…

The addon that implements this is here: https://addons.mozilla.org/en-US/firefox/addon/openid-for-firefox/
It learns your openid too by looking for id_res in a server response.

Axel



From: openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Francisco Corella
Sent: Wednesday, February 15, 2012 7:02 AM
To: Markus Sabadello; Chris Messina
Cc: OpenID General; Karen Lewison
Subject: Re: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem

Markus:

OpenID Selector is not a solution to the NASCAR problem, it is the
NASCAR problem itself.  It's a good example of what I'm trying to
avoid.

Everybody:

Before telling me that what I'm proposing has been done before, please
read what I'm proposing.  Or if that takes too much effort, please
consider this: in my solution, the relying party displays a single
button "Login with OpenID".  The user clicks on the button and is
automagically redirected to her preferred OpenID provider, even if the
relying party has never heard of it.

Hint: if you want to criticize this, you could criticize the fact
that it requires an ad-hoc HTTP header, and ad-hoc HTML tag, and new
browser functionality.  Messieurs les Anglais, tirez les premiers.

Francisco

________________________________
From: Markus Sabadello <markus.sabadello at gmail.com>
To: Chris Messina <chris.messina at gmail.com>
Cc: Francisco Corella <fcorella at pomcor.com>; OpenID General <openid-general at lists.openid.net>; Karen Lewison <kplewison at pomcor.com>
Sent: Tuesday, February 14, 2012 2:41 PM
Subject: Re: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem

Yes this has existed before.
At the OpenID Summit in Nov 2009, this was called "OpenID Selector", and then later "Active Client".
Mike Jones did a demo of an OpenID-enabled version of CardSpace that could remember your OpenIDs and allowed one-click login.
And myself, I did a demo of the Higgins equivalent.
Here are some old slides and info:
http://wiki.openid.net/w/page/12995207/2009%20OpenID%20Summit

Markus
--
Project Danube: http://projectdanube.org/
PDEC: http://personaldataecosystem.org/

On Tue, Feb 14, 2012 at 7:18 AM, Chris Messina <chris.messina at gmail.com<mailto:chris.messina at gmail.com>> wrote:


On Monday, February 13, 2012, Francisco Corella <fcorella at pomcor.com<mailto:fcorella at pomcor.com>> wrote:
> Chris,
>
>> You may also be interested in some of the Social Agent work I did with
>> Mozilla around baking identity into the browser:
>>
>> http://factoryjoe.com/social-agent/
>> http://factoryjoe.com/blog/2010/03/12/the-social-agent-part-2-connect/
>
> Thanks for link.  Interesting.  I agree that there are similarities.
> In particular, your Activate step is similar to setting an identity
> provider as the default in my scheme.
>
>> So long as choice of IDP is something that you want to provide the
>> user, something like the NASCAR, a search box, or an email field will
>> still be necessary to help them get started.
>
> No.  A solution based on a cookie set by relying party to remember
> what identity provider has been used on a previous visit would need
> something to "get started".
Right, I'm asking about the first time visit. Not about a re-visit.

> But in my solution the <idp> element
> tells the relying party what identity provider the user wants to use
> even if the user has never visited the relying party before.
I believe this was a feature of CardSpace/Infocard.


>
> Francisco
>
> ________________________________
> From: Chris Messina <chris.messina at gmail.com<mailto:chris.messina at gmail.com>>
> To: Francisco Corella <fcorella at pomcor.com<mailto:fcorella at pomcor.com>>; Dick Hardt <dick.hardt at gmail.com<mailto:dick.hardt at gmail.com>>
> Cc: OpenID General <openid-general at lists.openid.net<mailto:openid-general at lists.openid.net>>; Karen Lewison <kplewison at pomcor.com<mailto:kplewison at pomcor.com>>
> Sent: Monday, February 13, 2012 6:52 PM
> Subject: Re: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem
>
> You may also be interested in some of the Social Agent work I did with Mozilla around baking identity into the browser:
> http://factoryjoe.com/social-agent/
> http://factoryjoe.com/blog/2010/03/12/the-social-agent-part-2-connect/
> So long as choice of IDP is something that you want to provide the user, something like the NASCAR, a search box, or an email field will still be necessary to help them get started.
>
> On Mon, Feb 13, 2012 at 5:12 PM, Dick Hardt <dick.hardt at gmail.com<mailto:dick.hardt at gmail.com>> wrote:
>
> Not really a new idea -- but nice to see people are still thinking about things.
> Challenges:
> How do you deal with the user getting a new machine? Is there a way to sync IDPs or does the user need to log into all the IDPs on a new machine before they can log into sites?
> How does this degrade for browsers that do not support storing the IDP (i.e., all the existing browsers out there)?
> -- Dick
> On Feb 13, 2012, at 6:00 PM, Francisco Corella wrote:
>
> FYI:
> One-Click OpenID: A Solution to the NASCAR Problem, blog post at
> http://pomcor.com/2012/02/13/one-click-openid-a-solution-to-the-nascar-problem/
> Comments welcome.
>
> Francisco
>
> Francisco Corella, PhD
> Founder & CTO, Pomcor
> Twitter: @fcorella
> Blog: http://pomcor.com/blog/
> Web site: http://pomcor.com
> _______________________________________________
> general mailing list
> general at lists.openid.net<mailto:general at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
> _______________________________________________
> general mailing list
> general at lists.openid.net<mailto:general at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
>
>
> --
> Chris Messina
> User Experience Designer, Google
>
> //chrismessina.me<http://chrismessina.me> | + | @chrismessina
> This email is:   [ ] shareable    [✔] ask first   [ ] private
>
>
>

--
Chris Messina
User Experience Designer, Google
//chrismessina.me<http://chrismessina.me> | +<https://plus.google.com/102034052532213921839> | @chrismessina<http://twitter.com/chrismessina>

This email is:   [ ] shareable    [✔] ask first   [ ] private

_______________________________________________
general mailing list
general at lists.openid.net<mailto:general at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-general





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20120215/9910fcf5/attachment-0002.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20120215/9910fcf5/attachment-0003.html>

More information about the general mailing list