OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID FormClarification (A.4))

Recordon, David drecordon at verisign.com
Fri Oct 20 03:23:59 UTC 2006 

I think I'd have to agree.  Been thinking about this a lot recently and
the overhead within Yadis seems unreasonable for a browser to perform
against a RP.  Technically the RP could not have anything in the HTML
meaning the browser would have to do Yadis on every page view.

I'd be inclined to use a link tag, at least for the time being, to
discover relying parties.

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Chris Drake
Sent: Thursday, October 19, 2006 10:45 PM
To: Johannes Ernst
Cc: specs at openid.net
Subject: Re[2]: OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID
FormClarification (A.4))

Hi Johannes,

No - Yadis is inappropriate because user agents need to be able to
identify an OpenID login page (and endpoint if possible) *without*
accessing other resources.

Kind Regards,
Chris Drake


Friday, October 20, 2006, 10:33:40 AM, you wrote:

JE> Isn't this a case where the Yadis infrastructure should be used 
JE> instead of Yet Another Link Tag?


JE> On Oct 19, 2006, at 8:21, Drummond Reed wrote:

>> Martin, I agree with Dick, this is a fascinating idea. P3P had the
>> same idea
>> notion for a site advertising the location of the P3P privacy  
>> policy: it
>> defined a standard HTML/XHTML link tag that could be put on any  
>> page of a
>> site that told the browser where to locate the P3P policy document
>> for the
>> site (or for any portion of the site).
>>
>> 	http://www.w3.org/TR/P3P/#ref_syntax
>>
>> Are you proposing the same thing for OpenID login?
>>
>> (Kewl!)
>>
>> =Drummond
>>
>> -----Original Message-----
>> From: specs-bounces at openid.net
>> [mailto:specs-bounces at openid.net] On  
>> Behalf
>> Of Dick Hardt
>> Sent: Thursday, October 19, 2006 12:53 AM
>> To: Martin Atkins
>> Cc: specs at openid.net
>> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)
>>
>>
>> On 19-Oct-06, at 12:35 AM, Martin Atkins wrote:
>>
>>> Dick Hardt wrote:
>>>>
>>>> In order for the RUA to detect that a site supports OpenID, it  
>>>> sees a
>>>> form with a single input with a "name" of openid_identiifier. The
>>>> RUA
>>>> can then look at the action and post the data directly to the RP.
>>>>
>>>
>>> I think it'd be better to implement this as either a META or a LINK
>>> element alongside a standard protocol for communicating with the
>>> nominated URL.
>>>
>>> This way the site can declare on *all pages*, rather than on the
>>> forms-based login page, that it accepts OpenID auth. This allows the
>>> user to go to the RP's home page (or any other page) and click the
>>> "OpenID Login" button on the browser's toolbar and have it work.
>>
>> That is an interesting idea. Would you like to take a stab at more
>> specifics?
>>
>> -- Dick
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs

JE> Johannes Ernst
JE> NetMesh Inc.




_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs

More information about the specs mailing list