OpenID Inline Authentication Extension 1.0 Draft 1
John Ehn
john at extremeswank.com
Mon Sep 3 12:31:22 UTC 2007
Martin,
Thanks for the response! I'm looking at those specs now, and I really like
the flow of the HTTP Authentication spec, because it looks like it's solving
the problem of passing the OpenID Identifier to the RP in an automated way,
which is really cool. Looks like it needs to be "fleshed out" in some
parts, though.
As for the Signature Request protocol, I'm not quite sure what it does yet,
but I'll let you know my opinion once I've digested it.
Thanks!
John
On 9/3/07, Martin Atkins <mart at degeneration.co.uk> wrote:
>
> John Ehn wrote:
> > The Inline Authentication Extension attempts to solve the problem of
> > legacy and interactive applications (Telnet/SSH) that are unable to
> > launch a client Web Browser to perform an authentication request.
> >
> > http://extremeswank.com/openid_inline_auth.html
> >
> > This is done through the use of "verification keys", which are
> > provided either as needed by the OpenID Provider, or provided on a
> > rotating basis from a hardware crypto device, or a key generating
> > token (SecurID).
> >
> Hi John,
>
> This is a good, well-written spec. It seems that it could be at home
> alongside OpenID HTTP Authentication[1] and possibly Signature Request
> Protocol[2], though I've not quite figured out exactly how they relate
> to one another yet. I think there may be some overlap between SRP and
> Inline Auth, since they are effectively trying to solve much the same
> problem.
>
> However, I'm wondering if Inline Auth addresses some or all of the
> concerns I described on the Signature Request Protocol wiki page. I'll
> look at this in more detail later, but if you'd like to comment that'd
> certainly make my life easier. :)
>
> [1] http://openid.net/wiki/index.php/OpenID_HTTP_Authentication
> [2] http://openid.net/wiki/index.php/Signature_Request_Protocol
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070903/45dc4184/attachment-0001.htm>
More information about the specs
mailing list