openid_url as query parameter

Chris Messina chris.messina at gmail.com
Thu Sep 13 16:35:04 UTC 2007 

You can do this (though I imagine security people will tell you not
to) and there's already at least one site doing it: Blinksale.

Chris

On 9/13/07, news letter <gorriro.newsletters at gmail.com> wrote:
> Dear OpenID enthousiasts,
>
> I have visited some OpenID enabled sites. I have found that they require
> submitting a form with my OpenID to get the process going. I'm no expert and
> neither a heavy OpenID user. But I was wondering what would happen if the
> OpenID enabled website could support adding my OpenID as a request
> parameter?
>
> Instead of this flow:
> 1. Http GET request for http://myenabledsite.com/index.php
> 2. Fill in OpenID in form and click Submit
> 3. OpenID processing (possibly requiring authentication)
> 4. Logged in to myenabledsite.com
>
> I would get this flow:
> 1. Http GET request for
> http://myenabledsite.com/index.php?openid_url=http://getopenid.com/sampleid
> 2. OpenID processing (possibly requiring authentication)
> 3. Logged in to myenabledsite.com
>
> I would eliminate step 2 of the orginal process.
> I could bookmark my favourite Open-ID enabled sites with the request
> parameter added, never having to fill in the form anymore.
> If I was logged in to my OpenID provider already, I would have a 'true'
> Single Sign-On experience.
>
> It's hard to imagine I would be the first to think of this and there are
> probably good reasons not to implement OpenID like this. So I am very
> curious as to what those reasons are.
> Two, I could think of myself are:
> 1. that this request parameter would have to be standardised in a way so
> that users wouldn't have to 'guess' at it
>  2. that you would still have to find out which page to GET with the request
> parameter. Not all sites 'start' at /index.php. A possible solution for this
> would be not to use a request parameter but a standard URL. You would be
> able to login with OpenID to every enabled site at
> http://<domain>/openid/<your openid>.
>
> Thanks in advance for your feedback.
>
> Kind regards,
> Robin
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
>


-- 
Chris Messina
Citizen Provocateur &
  Open Source Advocate-at-Large
Work: http://citizenagency.com
Blog: http://factoryjoe.com/blog
Cell: 412 225-1051
Skype: factoryjoe
This email is:   [ ] bloggable    [X] ask first   [ ] private

More information about the user-experience mailing list