Martin,<br><br>Thanks for the response! I'm looking at those specs now, and I really like the flow of the HTTP Authentication spec, because it looks like it's solving the problem of passing the OpenID Identifier to the RP in an automated way, which is really cool. Looks like it needs to be "fleshed out" in some parts, though.
<br><br>As for the Signature Request protocol, I'm not quite sure what it does yet, but I'll let you know my opinion once I've digested it.<br><br>Thanks!<br><br>John<br><br><div><span class="gmail_quote">On 9/3/07,
<b class="gmail_sendername">Martin Atkins</b> <<a href="mailto:mart@degeneration.co.uk" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mart@degeneration.co.uk</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">John Ehn wrote:<br>> The Inline Authentication Extension attempts to solve the problem of
<br>> legacy and interactive applications (Telnet/SSH) that are unable to<br>> launch a client Web Browser to perform an authentication request.<br>><br>> <a href="http://extremeswank.com/openid_inline_auth.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://extremeswank.com/openid_inline_auth.html</a><br>><br>> This is done through the use of "verification keys", which are<br>> provided either as needed by the OpenID Provider, or provided on a<br>> rotating basis from a hardware crypto device, or a key generating
<br>> token (SecurID).<br>><br>Hi John,<br><br>This is a good, well-written spec. It seems that it could be at home<br>alongside OpenID HTTP Authentication[1] and possibly Signature Request<br>Protocol[2], though I've not quite figured out exactly how they relate
<br>to one another yet. I think there may be some overlap between SRP and<br>Inline Auth, since they are effectively trying to solve much the same<br>problem.<br><br>However, I'm wondering if Inline Auth addresses some or all of the
<br>concerns I described on the Signature Request Protocol wiki page. I'll<br>look at this in more detail later, but if you'd like to comment that'd<br>certainly make my life easier. :)<br><br>[1] <a href="http://openid.net/wiki/index.php/OpenID_HTTP_Authentication" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://openid.net/wiki/index.php/OpenID_HTTP_Authentication</a><br>[2] <a href="http://openid.net/wiki/index.php/Signature_Request_Protocol" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://openid.net/wiki/index.php/Signature_Request_Protocol
</a><br><br>_______________________________________________
<br>specs mailing list<br><a href="mailto:specs@openid.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">specs@openid.net</a><br><a href="http://openid.net/mailman/listinfo/specs" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://openid.net/mailman/listinfo/specs</a><br></blockquote></div><br>