OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID Form Clarification (A.4))
Chris Drake
christopher at pobox.com
Mon Oct 23 03:22:55 UTC 2006
Hi Johannes,
Yep - that's right. "Browser++" might also be an identity provision
service (eg: web site), or combination of service and browser
component. Component will need to be a browser plugin with access to
the source of the page, and opportunity to enact changes to it (eg:
fill in the username), which will mean it probably supplies
JavaScript extensions into the page itself.
Your items 2, 3, 4, and 5 may also all be "grouped" into a single
automatic response in the case where a user has elected "single sign
on".
Kind Regards,
Chris Drake
Sunday, October 22, 2006, 9:03:30 AM, you wrote:
JE> Chris, thanks for the answer, but I'm afraid I'm just as confused as
JE> before. I think I don't understand your scenario. So:
JE> 1) User navigates to a relying party
JE> 2) Browser++ (i.e. browser with some kind of extension) detects the
JE> fact that this is a relying party (and the means by which that occurs is
JE> the subject of this discussion)
JE> 3) Browser++ shows some kind of user interface that's implemented by
JE> the browser++ instead of the relying party for identity selection etc.
JE> 4) User fills out whatever needs filling out / approving etc. in the
JE> browser++ user interface
JE> 5) Browser++ submits (e.g. HTTP POST) to relying party at the right URL
JE> Did I get this right? I must be missing something, though, given the
JE> constraints you are listing?
JE> On Oct 21, 2006, at 8:17, Chris Drake wrote:
>> Hi Johannes,
>>
>> JavaScript can't talk Yadis, cannot maintain "state" between pages,
>> and is highly likely to be blocked from external resources by
>> cross-site-scripting security restrictions. Even if it could go out
>> and resolve the OpenID info it needs from external resources, it would
>> halve the loading speed of every page involved.
>>
>> We should not ignore the opportunities that Identity 2.0 is presenting
>> to OpenID, so we need to ensure that hooks put in place to enable
>> Identity systems to use OpenID are added in a useable way.
>>
>> Kind Regards,
>> Chris Drake
>>
>>
>> Friday, October 20, 2006, 3:03:25 PM, you wrote:
>>
>> JE> Chris, I'm a little slow here, please bear with me. What's the
>> JE> reasoning for "without accessing other resources"?
>>
>> JE> I am with you if you said "we can't ask a user agent to first do a
>> JE> MIME type of XRDS". But what's the difference between adding a
>> JE> new ad-hoc link tag in the HTML to the Yadis tag in the HTML or
>> JE> the HTTP header?
>>
>>
>>
>> JE> On Oct 19, 2006, at 19:44, Chris Drake wrote:
>>
>>>> Hi Johannes,
>>>>
>>>> No - Yadis is inappropriate because user agents need to be able to
>>>> identify an OpenID login page (and endpoint if possible) *without*
>>>> accessing other resources.
>>>>
>>>> Kind Regards,
>>>> Chris Drake
>>>>
>>>>
>>>> Friday, October 20, 2006, 10:33:40 AM, you wrote:
>>>>
>>>> JE> Isn't this a case where the Yadis infrastructure should be used
>>>> JE> instead of Yet Another Link Tag?
>>>>
>>>>
>>>> JE> On Oct 19, 2006, at 8:21, Drummond Reed wrote:
>>>>
>>>>>> Martin, I agree with Dick, this is a fascinating idea. P3P had the
>>>>>> same idea notion for a site advertising the location of the P3P
>>>>>> privacy policy: it defined a standard HTML/XHTML link tag that could
>>>>>> be put on any page of a site that told the browser where to locate
>>>>>> the P3P policy document for the site (or for any portion of the site).
>>>>>>
>>>>>> http://www.w3.org/TR/P3P/#ref_syntax
>>>>>>
>>>>>> Are you proposing the same thing for OpenID login?
>>>>>>
>>>>>> (Kewl!)
>>>>>>
>>>>>> =Drummond
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net]
>>>>>> On Behalf Of Dick Hardt
>>>>>> Sent: Thursday, October 19, 2006 12:53 AM
>>>>>> To: Martin Atkins
>>>>>> Cc: specs at openid.net
>>>>>> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)
>>>>>>
>>>>>>
>>>>>> On 19-Oct-06, at 12:35 AM, Martin Atkins wrote:
>>>>>>
>>>>>>> Dick Hardt wrote:
>>>>>>>>
>>>>>>>> In order for the RUA to detect that a site supports OpenID, it
>>>>>>>> sees a form with a single input with a "name" of
>>>>>>>> openid_identifier. The RUA can then look at the action and post
>>>>>>>> the data directly to the RP.
>>>>>>>>
>>>>>>>
>>>>>>> I think it'd be better to implement this as either a META or a
>>>>>>> LINK element alongside a standard protocol for communicating with
>>>>>>> the nominated URL.
>>>>>>>
>>>>>>> This way the site can declare on *all pages*, rather than on the
>>>>>>> forms-based login page, that it accepts OpenID auth. This allows
>>>>>>> the user to go to the RP's home page (or any other page) and click
>>>>>>> the "OpenID Login" button on the browser's toolbar and have it work.
>>>>>>
>>>>>> That is an interesting idea. Would you like to take a stab at more
>>>>>> specifics?
>>>>>>
>>>>>> -- Dick
>>>>>> _______________________________________________
>>>>>> specs mailing list
>>>>>> specs at openid.net
>>>>>> http://openid.net/mailman/listinfo/specs
>>>>>>
>>>>
>>>> JE> Johannes Ernst
>>>> JE> NetMesh Inc.
>>>>
>>>>
>>>>
>>
>> JE> Johannes Ernst
>> JE> NetMesh Inc.
>>
>>
>>
JE> Johannes Ernst
JE> NetMesh Inc.