<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On 29-Oct-08, at 12:25 PM, Eric Sachs wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>>> <span class="Apple-style-span" style="border-collapse: collapse; ">I hope I'm misunderstanding what you are saying and that you support the standard.</span></div><div>>> <span class="Apple-style-span" style="border-collapse: collapse; ">That's the hub and spoke model, pretending to be an open system.</span><div> <span class="Apple-style-span" style="border-collapse: collapse;">Hopefully my follow on post clarified Dick & Peter's questions.</span></div><div><span class="Apple-style-span" style="border-collapse: collapse;"><br> </span></div><div><span class="Apple-style-span" style="border-collapse: collapse;">In fact, one of the questions I raised at the <a href="http://sites.google.com/site/oauthgoog/UXFedLogin/09nov-uxsummit">UX summit</a> last week was how an E-mail outsourcing services like our GoogleAppsForYourDomain could offer this type of OpenID IDP as a service to those domains. Since we host thousands of such domains, the auto-discovery aspects of OpenID are key. However the challenge we face is how to avoid lock-in. In particular, we need a way for an enterprise/ISP/school/etc. to start using our IDP, but later move it somewhere else without breaking federated login for their users. Similarly, they should be able to run their own and then migrate it to us. OpenID provides a great set of abstraction layers to make this possible, however there is still a lot more research we need to do into the actual mechanics of getting that to work.</span></div></div></blockquote><br></div><div>Let the user type in their domain name and have the XRDS record point to a Google operated OP entry point. Could even have the domain in the path so that Google has an idea which domain it is. This way they can move to running their own OP or another OP and have the XRDS point somewhere else. If they point the DNS entry to Google, Google can setup the XRDS for them. Not sure I see what is complicated about this. Can you enlighten me about what I am missing?</div><div><br></div><div>wrt. the UX issues. Yes, there are issues -- and we should develop some additional standards / conventions to address them -- but I don't see why that prevents you from supporting how the protocol works today.</div><div><br></div><div>-- Dick</div></body></html>