Chris,<br><br>Is there anyway you elaborate on your protocol in pseudo-code before you actually release the formalized version? I'm curious to know what direction you are headed in.<br><br>Thanks!<br><br>david<br><br>
<div><span class="gmail_quote">On 5/1/07, <b class="gmail_sendername">
Chris Messina</b> <<a href="mailto:chris.messina@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">chris.messina@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I do want to just shout out that we've been working on a solution for<br>this for Twitter and Ma.gnolia. To describe the problem more acutely:<br><br>* Let's say you login into Ma.gnolia with an OpenID. This creates an
<br>account for you on Ma.gnolia keyed to your OpenID URL.<br>* Next, you download the Ma.gnolia desktop widget and attempt to<br>login. It requires a username and password, which you don't have,<br>since you logged in with OpenID.
<br>* At this point, Ma.gnolia could either assign a unique username and<br>password to you, which would defeat the purpose, or we could do<br>something like Flickr does with FlickAuth.<br>* This situation also holds for remote web services that want to make
<br>use of protected Ma.gnolia user data that requires authentication for<br>access.<br><br>I believe that Gabe's solution has this situation in mind, though it<br>requires running a local server, which, in our use case, is not
<br>acceptable.<br><br>In the meantime, we've developed an alternative,<br>authentication-neutral protocol for handling this situation that will<br>work with OpenID (our preferred method) or any other authentication<br>
protocol.<br><br>We have a prototype and code to perform this action right now, but it<br>needs more work before we're ready to release it.<br><br>I just wanted to alert folks to the fact that some folks are attacking
<br>this problem and offering details on our approach.<br><br>Chris<br><br><br>On 5/1/07, Martin Atkins <<a href="mailto:mart@degeneration.co.uk" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
mart@degeneration.co.uk</a>> wrote:<br>> Brendan Taylor wrote:<br>
> ><br>> > When I get some time I intend to describe this idea more concretely and<br>> > implement it. I don't want it to get in the way of SRP adoption, though.<br>> ><br>><br>> I wouldn't worry too much about the Signature Request Protocol. I think
<br>> I'm the only one who cares about it right now. :)<br>><br>> I'd much sooner see a solution get out there, even if it's just a quick<br>> hack that gets the job done. There are several apps that could
<br>> potentially use this that I'd love to see use OpenID rather than Yet<br>> Another Password.<br>><br>><br>><br>> _______________________________________________<br>> general mailing list<br>
>
<a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">general@openid.net</a><br>> <a href="http://openid.net/mailman/listinfo/general" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://openid.net/mailman/listinfo/general</a><br>><br><br><br>--<br>Chris Messina<br>Citizen Provocateur &
<br> Open Source Ambassador-at-Large<br>Work: <a href="http://citizenagency.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://citizenagency.com</a><br>Blog: <a href="http://factoryjoe.com/blog" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://factoryjoe.com/blog</a><br>Cell: 412 225-1051<br>Skype: factoryjoe
<br>This email is: [ ] bloggable [X] ask first [ ] private<br>_______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
general@openid.net</a><br><a href="http://openid.net/mailman/listinfo/general" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://openid.net/mailman/listinfo/general</a><br></blockquote></div><br>