Discovery of an OpenID session at an OP

Chris Obdam chris.obdam at holder.nl
Mon Dec 14 12:22:14 UTC 2009 

Aaahhh. That's nice!

Wondering how other people think about this subject!
Where can I find more info on this subject, perhaps previous discussions?

Cheers,

Chris


Op 14 dec 2009, om 12:21 heeft David Recordon het volgende geschreven:

> Hey Chris,
> Check out Google's openid.ui.x-has-session parameter, it lets your
> discover if a user has an active session with Google.  This hasn't
> really been used yet, but there's a general consensus to roll this
> sort of functionality into the UX extension once a few RPs and OPs
> have shown that it works.
> 
> --David
> 
> On Mon, Dec 14, 2009 at 12:48 AM, Chris Obdam <chris.obdam at holder.nl> wrote:
>> Hi all (again ;-)),
>> 
>> I have implemented OpenID with quite a lot RP's now. Each time I struggle with the UX. Yes it is becoming more and more effective but it's not there yet.
>> 
>> What I would like to offer to my user is automatic discovery of OpenID sessions at the OP. I am already logged in at Google, Hyves (large dutch Social Network), Yahoo and others. But each time I have to select on of those out of a set of OP's which I don't use.
>> 
>> When I enter a RP, the RP could do a redirect to a OP (in an iframe for example) and ask if the OP has a logged in user. This could be a simple anonymous request which returns a true or false. If true the UX can be different, you know there is a session so you could automatically start a OpenID transaction for the user. The end user only needs to confirm usages of their data (normal first step OpenID).
>> 
>> The RP can decide for it self which OP's to check automatically.
>> 
>> Of course we need to make sure that the end user still has a choice in using his own OP. But know the RP knows that this (anonymous) user has an OpenID or not, and if so, where.
>> 
>> Yes, this means an extra load on the OP's, but I hope they don't mind. If you supply this service as an Op it means that your users will be using their indentity a bit more on other websites, hopefully. Which is a big +. (Maybe Allen Tom can react on this one? ;-))
>> 
>> I think there a no real privacy issues with this idea? Ok, you know from this anonymous user that he or she has an OpenID with XXX, but is that a bad thing?
>> 
>> Hope to get some comments on my thoughts!
>> 
>> Cheers,
>> 
>> Chris
>> OpenID Holland
>> _______________________________________________
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs
>>

More information about the specs mailing list