<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Your question makes sense.<div><br></div><div>Users giving there passwords to RPs is what openID is trying to prevent.</div><div>That is why passwords are not supported in the redirect.</div><div><br></div><div>If you are trying to do authentication in an app then oAuth may be a better choice for web services.</div><div><br></div><div>I don't know enough about your use case to give you a firm recommendation, other than openID may not be appropriate.</div><div><br></div><div>John B.</div><div><div><div>On 2009-10-13, at 1:07 PM, Anthony Brassac wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Hi all,<br>Sorry I'm not very knowledgeable on everything that's network related, therefore I apologize if my question is stupid.<br>We're trying to implement a webservice that queries our system for which users need identification. We would like to be able to send both the user's open id url along with the password. There doesn't seem to be any such mechanism in open id's specifications. Now even to a newby like me it seems pretty unsafe to transfer a password in a get/post, but maybe someone came up with a more secured way of doing such a thing?<br>
Basically we'd like to achieve something that more or less looks like <a href="http://www.myserver.com/myservice?action=myaction&user=myuser&password=mypassword">www.myserver.com/myservice?action=myaction&user=myuser&password=mypassword</a>, and that would return the result of myaction based on the credentials of myuser (identified by mypassword).<br>
I tried to search around on various forums but couldn't really find anyone with the same problem, it seems most people use open id with a web interface, not so much from webservice calls like that. Obviously we'd like to avoid this call to redirect users to a login page, since most of our users will use it programmatically.<br>
Thanks a lot and again sorry if that makes no sense,<br>Anthony<br>
_______________________________________________<br>security mailing list<br><a href="mailto:security@lists.openid.net">security@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-security<br></blockquote></div><br></div></body></html>