[OpenID] One-Click OpenID: A Solution to the NASCAR Problem

Francisco Corella fcorella at pomcor.com
Thu Feb 16 00:39:36 UTC 2012 

Axel,

I looked at your add-on.  I actually installed it and tried it out,
but somehow I didn't recognize my identity providers.

The idea of supplying the openid to an input field of the RP by
dragging the OpenID icon is nice.  My approach, which depends on RP,
IdP and browser enhancements, is a little simpler: there is no input
field.

Francisco



>________________________________
> From: "Axel.Nennker at telekom.de" <Axel.Nennker at telekom.de>
>To: fcorella at pomcor.com; markus.sabadello at gmail.com; chris.messina at gmail.com 
>Cc: openid-general at lists.openid.net; kplewison at pomcor.com 
>Sent: Wednesday, February 15, 2012 12:35 AM
>Subject: RE: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem
> 
>
>I propose to add some id-related functionality to the window object and have blogged about it here:
>http://ignisvulpis.blogspot.com/2011/03/all-those-nascars.html and some other posts around that time.
> 
>The basic idea is to add some code like this  to the RP’s pages:
> 
>function onLoad() {
>  if (window.openid) { 
>    window.openid.getPreferredOpenidProvider(callback);
>  } else {
>    // show the NASCAR or whatever
>  }
>}
> 
>The acceptable Idp could be a parameter to the getPreferredOpenidProvider method but most OC accept any OpenID anyway…
> 
>The addon that implements this is here: https://addons.mozilla.org/en-US/firefox/addon/openid-for-firefox/
>It learns your openid too by looking for id_res in a server response.
> 
>Axel
> 
> 
> 
>From:openid-general-bounces at lists.openid.net [mailto:openid-general-bounces at lists.openid.net] On Behalf Of Francisco Corella
>Sent: Wednesday, February 15, 2012 7:02 AM
>To: Markus Sabadello; Chris Messina
>Cc: OpenID General; Karen Lewison
>Subject: Re: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem
> 
>Markus:
>
>OpenID Selector is not a solution to the NASCAR problem, it is the
>NASCAR problem itself.  It's a good example of what I'm trying to
>avoid.
>
>Everybody:
>
>Before telling me that what I'm proposing has been done before, please
>read what I'm proposing.  Or if that takes too much effort, please
>consider this: in my solution, the relying party displays a single
>button "Login with OpenID".  The user clicks on the button and is
>automagically redirected to her preferred OpenID provider, even if the
>relying party has never heard of it.
>
>Hint: if you want to criticize this, you could criticize the fact
>that it requires an ad-hoc HTTP header, and ad-hoc HTML tag, and new
>browser functionality.  Messieurs les Anglais, tirez les premiers.
>
>Francisco
> 
>>
>>________________________________
>>
>>From:Markus Sabadello <markus.sabadello at gmail.com>
>>To: Chris Messina <chris.messina at gmail.com> 
>>Cc: Francisco Corella <fcorella at pomcor.com>; OpenID General <openid-general at lists.openid.net>; Karen Lewison <kplewison at pomcor.com> 
>>Sent: Tuesday, February 14, 2012 2:41 PM
>>Subject: Re: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem
>> 
>>Yes this has existed before.
>>At the OpenID Summit in Nov 2009, this was called "OpenID Selector", and then later "Active Client".
>>Mike Jones did a demo of an OpenID-enabled version of CardSpace that could remember your OpenIDs and allowed one-click login.
>>And myself, I did a demo of the Higgins equivalent.
>>Here are some old slides and info:
>>http://wiki.openid.net/w/page/12995207/2009%20OpenID%20Summit 
>> 
>>Markus
>>-- 
>>Project Danube: http://projectdanube.org/
>>PDEC: http://personaldataecosystem.org/
>> 
>>On Tue, Feb 14, 2012 at 7:18 AM, Chris Messina <chris.messina at gmail.com> wrote:
>>
>>
>>On Monday, February 13, 2012, Francisco Corella <fcorella at pomcor.com> wrote:
>>> Chris,
>>>
>>>> You may also be interested in some of the Social Agent work I did with
>>>> Mozilla around baking identity into the browser:
>>>>
>>>> http://factoryjoe.com/social-agent/
>>>> http://factoryjoe.com/blog/2010/03/12/the-social-agent-part-2-connect/
>>>
>>> Thanks for link.  Interesting.  I agree that there are similarities.
>>> In particular, your Activate step is similar to setting an identity
>>> provider as the default in my scheme.
>>>
>>>> So long as choice of IDP is something that you want to provide the
>>>> user, something like the NASCAR, a search box, or an email field will
>>>> still be necessary to help them get started.
>>>
>>> No.  A solution based on a cookie set by relying party to remember
>>> what identity provider has been used on a previous visit would need
>>> something to "get started".  
>>Right, I'm asking about the first time visit. Not about a re-visit. 
>>
>>> But in my solution the <idp> element
>>> tells the relying party what identity provider the user wants to use
>>> even if the user has never visited the relying party before.
>>I believe this was a feature of CardSpace/Infocard. 
>>
>>
>>>
>>> Francisco
>>>
>>> ________________________________
>>> From: Chris Messina <chris.messina at gmail.com>
>>> To: Francisco Corella <fcorella at pomcor.com>; Dick Hardt <dick.hardt at gmail.com>
>>> Cc: OpenID General <openid-general at lists.openid.net>; Karen Lewison <kplewison at pomcor.com>
>>> Sent: Monday, February 13, 2012 6:52 PM
>>> Subject: Re: [OpenID] One-Click OpenID: A Solution to the NASCAR Problem
>>>
>>> You may also be interested in some of the Social Agent work I did with Mozilla around baking identity into the browser:
>>> http://factoryjoe.com/social-agent/
>>> http://factoryjoe.com/blog/2010/03/12/the-social-agent-part-2-connect/
>>> So long as choice of IDP is something that you want to provide the user, something like the NASCAR, a search box, or an email field will still be necessary to help them get started.
>>>
>>> On Mon, Feb 13, 2012 at 5:12 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>>>
>>> Not really a new idea -- but nice to see people are still thinking about things.
>>> Challenges:
>>> How do you deal with the user getting a new machine? Is there a way to sync IDPs or does the user need to log into all the IDPs on a new machine before they can log into sites?
>>> How does this degrade for browsers that do not support storing the IDP (i.e., all the existing browsers out there)?
>>> -- Dick
>>> On Feb 13, 2012, at 6:00 PM, Francisco Corella wrote:
>>>
>>> FYI:
>>> One-Click OpenID: A Solution to the NASCAR Problem, blog post at
>>> http://pomcor.com/2012/02/13/one-click-openid-a-solution-to-the-nascar-problem/
>>> Comments welcome.
>>>
>>> Francisco
>>>
>>> Francisco Corella, PhD
>>> Founder & CTO, Pomcor
>>> Twitter: @fcorella
>>> Blog: http://pomcor.com/blog/
>>> Web site: http://pomcor.com
>>> _______________________________________________
>>> general mailing list
>>> general at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-general
>>>
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-general
>>>
>>>
>>>
>>>
>>> --
>>> Chris Messina
>>> User Experience Designer, Google
>>>
>>> //chrismessina.me | + | @chrismessina
>>> This email is:   [ ] shareable    [✔] ask first   [ ] private
>>>
>>>
>>>
>>
>>-- 
>>Chris Messina
>>User Experience Designer, Google
>>//chrismessina.me | + | @chrismessina
>> 
>>This email is:   [ ] shareable    [✔] ask first   [ ] private
>>
>>_______________________________________________
>>general mailing list
>>general at lists.openid.net
>>http://lists.openid.net/mailman/listinfo/openid-general
>>
>>
>>
>> 
>> 
>> 
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20120215/952a6e62/attachment.html>

More information about the general mailing list