The feature in this area that we get more requests for is to support OpenID validation for the relatively new Google Profiles service, i.e. <a href="http://profiles.google.com">profiles.google.com</a>, which is also a more memorable endpoint for users to type :-). That support is not yet available, but it's definitely on the list.<div>
<br><div class="gmail_quote">On Fri, Jul 10, 2009 at 10:16 AM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Let's hope it prompts google to do much better: <a href="http://op" target="_blank">http://op</a>. <a href="http://google.com" target="_blank">google.com</a>: forming the eminently typable "<a href="http://op.google.com" target="_blank">op.google.com</a>".<br>
<br>
They might even have that redirect to <a href="http://google.com/op" target="_blank">http://google.com/op</a> which they might make an xri mount point to the I-brokered authority that serves the op xrd/s. If their op is a real xri-labelled authority, a ref field in the sep can even properly provide for delegated authorization of xrd files by user authorities (which openid auth hacks up as openid delegation, when abusing the semantics of the op local id field per jonny bufu's recent message).<br>
<br>
I don't think it's hard to meet professional security engineering standards within openid: just be complete about xri semantics (even when using http identifiers). We don't need custom extensions for discovery, particularly if they project idp-centric vs user centric identity models.<br>
<br>
But let's wait and see how they are signing the xrd files (the way the openxri server does it (per the standard), or "otherwise"). The validity logic for verifying that signature will tell us what class of trust semantics they are working towards: google as ttp for attribute sharing, or uci.<br>
<br>
________________________________<br>
From: Andrew Arnott <<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>><br>
Sent: Thursday, July 09, 2009 8:30 PM<br>
To: Peter Williams <<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>><br>
Cc: Eric Sachs <<a href="mailto:esachs@google.com">esachs@google.com</a>>; <a href="mailto:general@openid.net">general@openid.net</a> <<a href="mailto:general@openid.net">general@openid.net</a>>; Paul Johnston <<a href="mailto:paj@pajhome.org.uk">paj@pajhome.org.uk</a>><br>
Subject: Re: [OpenID] What is my Google OpenID URL?<br>
<br>
Wow. I'm going to have to use that tinyurl everywhere now. :-p<br>
<br>
--<br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br>
<br>
On Thu, Jul 9, 2009 at 8:24 PM, Peter Williams <<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>> wrote:<br>
come on google, it takes you 10s to have a redirector URL (<a href="http://op.google.com" target="_blank">op.google.com</a>, perhaps?) redirect to the <a href="https://www.google.com/accounts/o8/id" target="_blank">https://www.google.com/accounts/o8/id</a>. Conforming RPs are required to follow the redirect, before detecting that the XRD at that address is a law#4-capable OP, vs a user.<br>
<br>
<br>
<a href="http://tinyurl.com/googop" target="_blank">http://tinyurl.com/googop</a> now produces<br>
<?xml version="1.0" encoding="UTF-8" ?><br>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><br>
<XRD><br>
<Service priority="0"><br>
<Type><a href="http://specs.openid.net/auth/2.0/server" target="_blank">http://specs.openid.net/auth/2.0/server</a></Type><br>
<Type><a href="http://openid.net/srv/ax/1.0" target="_blank">http://openid.net/srv/ax/1.0</a></Type><br>
<Type><a href="http://specs.openid.net/extensions/ui/1.0/mode/popup" target="_blank">http://specs.openid.net/extensions/ui/1.0/mode/popup</a></Type><br>
<Type><a href="http://specs.openid.net/extensions/ui/1.0/icon" target="_blank">http://specs.openid.net/extensions/ui/1.0/icon</a></Type><br>
<Type><a href="http://specs.openid.net/extensions/pape/1.0" target="_blank">http://specs.openid.net/extensions/pape/1.0</a></Type><br>
<URI><a href="https://www.google.com/accounts/o8/ud" target="_blank">https://www.google.com/accounts/o8/ud</a></URI><br>
</Service><br>
</XRD><br>
<br>
I'm sure google can do better than <a href="http://tinyurl.com" target="_blank">tinyurl.com</a>!<br>
<br>
How about <a href="http://op.google.com" target="_blank">op.google.com</a>?!<br>
<br>
________________________________<br>
From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>] On Behalf Of Andrew Arnott [<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>]<br>
Sent: Thursday, July 09, 2009 7:16 PM<br>
To: Eric Sachs<br>
Cc: <a href="mailto:general@openid.net">general@openid.net</a>; Paul Johnston<br>
Subject: Re: [OpenID] What is my Google OpenID URL?<br>
<br>
Note that using your Blogger blog URL is not equivalent to using <a href="https://www.google.com/accounts/o8/id" target="_blank">https://www.google.com/accounts/o8/id</a>. Besides the user interface of the login experience being completely different, Blogger's Provider is only an OpenID 1.1 provider, whereas Google's <a href="https://www.google.com/accounts/o8/id" target="_blank">https://www.google.com/accounts/o8/id</a> OpenID Provider is a more secure OpenID 2.0 provider.<br>
<br>
--<br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br>
<br>
On Thu, Jul 9, 2009 at 6:38 PM, Eric Sachs <<a href="mailto:esachs@google.com">esachs@google.com</a>> wrote:<br>
If you create a blog on Google's blogger service, then you can type the name of that blog into OpenID login boxes.<br>
<br>
If you are willing to be really geeky, type in <a href="https://www.google.com/accounts/o8/id" target="_blank">https://www.google.com/accounts/o8/id</a>. That points to the generic Google identity provider, and you will be redirected back with an opaque identifier. But we don't actually expect anyone to know to do that which is why a lot of OpenID relying parties are supporting other user interfaces with buttons for Google. For example, see <a href="http://uservoice.com/session/new" target="_blank">http://uservoice.com/session/new</a><br>
<br>
Similarly a lot of blogs allow you to comment and identify you with an OpenID URL, and while you can try one of the tricks above, many of the blog commenting interfaces also include buttons (or the NASCAR style UI as the community likes to call it) to help users navigate their way through.<br>
<br>
On Tue, Jul 7, 2009 at 11:34 PM, Paul Johnston <<a href="mailto:paj@pajhome.org.uk">paj@pajhome.org.uk</a>> wrote:<br>
Hi,<br>
<br>
I'm sorry for asking such an obvious question, but after considerable<br>
time spent searching for this I am unable to figure this out.<br>
<br>
My google account name is paul.paj. I would like to login to<br>
<a href="http://bitbucket.org" target="_blank">bitbucket.org</a> using OpenID. How do I do it?<br>
<br>
Paul<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</blockquote></div><br></div>
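The discovery step discussed in the thread, as an added example that is not part of any poster's message: it parses the XRDS, picks the service element a relying party would select (OP Identifier before Claimed Identifier, then by priority), and flags any plain-HTTP hop in the redirect chain, such as the tinyurl redirector. The function name, the redirect_chain parameter and the trimmed sample document are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace, as in the quoted document
OP_IDENTIFIER = "http://specs.openid.net/auth/2.0/server"       # XRDS names an OP
CLAIMED_IDENTIFIER = "http://specs.openid.net/auth/2.0/signon"  # XRDS names a user

# Constructed sample: the XRDS quoted in the thread, trimmed to two <Type>
# entries and with the closing </xrds:XRDS> tag restored (assumption).
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
 <XRD>
  <Service priority="0">
   <Type>http://specs.openid.net/auth/2.0/server</Type>
   <Type>http://openid.net/srv/ax/1.0</Type>
   <URI>https://www.google.com/accounts/o8/ud</URI>
  </Service>
 </XRD>
</xrds:XRDS>"""

def classify_discovery(xrds_bytes, redirect_chain):
    """Return (kind, endpoint, warnings) for the service an RP would select.

    redirect_chain is every URL fetched during discovery, in order.
    Untrusted XML: a production RP should parse with a hardened XML parser.
    """
    xrds = ET.fromstring(xrds_bytes).findall(XRD + "XRD")
    if not xrds:
        raise ValueError("no XRD element")
    candidates = []
    for svc in xrds[-1].findall(XRD + "Service"):  # the final XRD is authoritative
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        uri = (svc.findtext(XRD + "URI") or "").strip()
        prio = int(svc.get("priority", 2**31))  # no priority attribute sorts last
        if OP_IDENTIFIER in types:               # searched for first by the RP
            candidates.append((0, prio, "op_identifier", uri))
        elif CLAIMED_IDENTIFIER in types:
            candidates.append((1, prio, "claimed_identifier", uri))
    if not candidates:
        raise ValueError("no OpenID 2.0 service element")
    _, _, kind, endpoint = min(candidates)
    warnings = [f"plain-HTTP hop in discovery: {u}"
                for u in redirect_chain if not u.lower().startswith("https://")]
    if not endpoint.lower().startswith("https://"):
        warnings.append(f"OP endpoint is not HTTPS: {endpoint}")
    return kind, endpoint, warnings

if __name__ == "__main__":
    chain = ["http://tinyurl.com/googop", "https://www.google.com/accounts/o8/id"]
    print(classify_discovery(SAMPLE_XRDS, chain))
```

A warning on a redirector hop matters because every URL in the chain decides which XRDS, and therefore which OP endpoint, the relying party ends up trusting.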