On Tue, May 19, 2009 at 8:31 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The property of being unable to leverage openid until logged into an something else first goes back at least to Blogger. My own speculation was that it was making up the lack of standard trust model (which implies you impose your own), so legal terms could be imposed. Large brands cannot operate with that being clear to the corporate counsel...<br>
<br>
I initially the same expectation as I think you do (which aligns with SAML2 websso standard): that you visit a resource, it fails to note a local session, so goes its session translator service - that pings some or other OP after discovery. If you dont have a OP session, you go through the user auth experience to get one, perhaps influenced by the RP's statement of requirements. Thereafter, session translation occurs, along with attribute transfer. (In the MSFT variant, audience permissions go along with each attribute - which the RP may need to help to translate into its local permission logic.)<br>
<br>
But this was not blogger RP.<br>
<br>
Going to a blogger site, to leave an authenticated comment, one first HAD to logon to a Google proprietary account, in order to be able to then evenb discover and thence ping an OP...which would help you leave an OP-authenticated comment on the blogger site (once you authenticated to it).</blockquote>
<div><br>Peter, this bit is simply not true at all. Please see <a href="http://openid.net/pipermail/general/2008-March/004483.html">http://openid.net/pipermail/general/2008-March/004483.html</a> where we hashed this out; I could not reproduce your problems then and I still can't. Nor can, as far as I can tell, anybody else.<br>
<br>Just to be clear: Blogger does not require login with a Google account in order to perform OP discovery. That would be silly.<br><br></div></div><br>