OpenID Mobile Profile?

Allen Tom atom at yahoo-inc.com
Mon Feb 2 19:56:23 UTC 2009 

Hi Nat,

OpenID has a huge opportunity in the mobile market, because logging 
in/registering is at least an order of magnitude more painful on a 
handset than on a standard desktop browser. Even with my iPhone, logging 
in is terrible, and I can't think of a single time I've bothered to 
register.

At least from my perspective, I'm more interested in discussing UX 
rather than protocol changes. Although the URLs are getting really long, 
the URL length is an implementation detail that is mostly hidden from 
the user. Supporting the equivalent of SAML's artifact binding as an 
additional OpenID communication mode isn't really going to improve the 
UX for users of iPhone class devices.

Because OpenID and OAuth appear to be converging, I'd prefer to see 
artifact-type binding implemented using OAuth's Request Token. In OAuth, 
the RP (aka Consumer) first requests a Request Token using direct 
communication, and then redirects the browser to the OP (aka SP) with 
the Request Token to maintain the state. Instead of having the browser 
pass all the request parameters on the URL, all the parameters are 
represented by the Request Token, which is intented to be relatively short.

Allen


Nat Sakimura wrote:
> Hi.
>
> Are there poeple who are interested in discussing OpenID Mobile 
> profile sort of thing?
> Mobile phones has unique challenges of being restricted in URL length 
> etc.
> OpenID as it stands now has very lengthy URLs in both requests and 
> responses and it sometimes does not fit into the restrictions.
> SAML world has defined artifact binding to cope with it. IMHO, OpenID 
> should define something like that also.
>
> In Japan, there are bunch of people (including mobile carriers) who 
> wants to do it.
>
> Are there interest here as well?
>
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> ------------------------------------------------------------------------
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090202/41e2ae5f/attachment-0001.htm>

More information about the specs mailing list