<div dir="ltr">I was very dissatisfied with Seatbelt because I couldn't figure out how to add just any OP... some special Seatbelt configuration file "couldn't be found" for them. So I was stuck using Verisign's PIP provider. When I put in my delegate URL of "=arnott", it said I was being phished, probably because the RP was directed me to the OP I actually wanted to use.<br>
<br>It seems to me that any extension doing this sort of thing (so consider this a wishlist item for IDIB) should accept an XRI or URI that the user is already using as his/her identifier, perform discovery on that, and read the XRDS file and set up all the Providers automatically.<br>
<br><div class="gmail_quote">On Fri, Aug 8, 2008 at 7:14 AM, George Fletcher <span dir="ltr"><<a href="mailto:gffletch@aol.com">gffletch@aol.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
There is one slight model difference between seatbelt and IDIB. In the<br>
seatbelt case, it only activates if the user navigates to the page that<br>
contains the OpenID login form (i.e. has a form element named<br>
openid_url). Also, it can only "log you in" from that same page (i.e. it<br>
has to use the OpenID form for authentication).<br>
<br>
In the case if IDIB, it (1) uses XRDS discovery so it is not restricted<br>
to the RP's login page and (2) uses a discovered well-known endpoint to<br>
start the authentication process (i.e. not tied to the OpenID login form).<br>
<br>
These differences provide a better user experience, because the user<br>
doesn't have to find the RP's login form and also because if they<br>
followed a deep link, they can still be authenticated and returned to<br>
that resource without having to bounce to the "login page".<br>
<br>
[Caveat: This is based on my knowledge of seatbelt when we integrated<br>
the AOL OpenID provider with the plugin. Please correct me if anything<br>
has changed.]<br>
<br>
Thanks,<br>
<font color="#888888">George<br>
</font><div><div></div><div class="Wj3C7c"><br>
Robert Mark White wrote:<br>
> Not to rain on anyones parade but why not just use the program seatbelt<br>
> from verisign? I have been using it for months now it allows me to use<br>
> different openid's and it protects against phishing. Why reinvent the<br>
> wheel? All that has to happen is for the openid providers to add a<br>
> simple file to their website making their openid's work with seatbelt.<br>
> Sure its proprietary and not "open source" but it allows any openid<br>
> provider to use it, and it works with FF 3.0 right now and has for many<br>
> months.<br>
><br>
> Signed an interested nobody<br>
> Robert Mark White<br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br></div>