openid_url as query parameter
Dick Hardt
dick at sxip.com
Thu Sep 13 16:44:02 UTC 2007
A well implemented RP could remember your OpenID and fill it in for
you so that you don't have to type it in when you return, similar to
what sites do for remembering which user ID you used when you last
visited.
-- Dick
On 13-Sep-07, at 9:35 AM, Chris Messina wrote:
> You can do this (though I imagine security people will tell you not
> to) and there's already at least one site doing it: Blinksale.
>
> Chris
>
> On 9/13/07, news letter <gorriro.newsletters at gmail.com> wrote:
>> Dear OpenID enthousiasts,
>>
>> I have visited some OpenID enabled sites. I have found that they
>> require
>> submitting a form with my OpenID to get the process going. I'm no
>> expert and
>> neither a heavy OpenID user. But I was wondering what would happen
>> if the
>> OpenID enabled website could support adding my OpenID as a request
>> parameter?
>>
>> Instead of this flow:
>> 1. Http GET request for http://myenabledsite.com/index.php
>> 2. Fill in OpenID in form and click Submit
>> 3. OpenID processing (possibly requiring authentication)
>> 4. Logged in to myenabledsite.com
>>
>> I would get this flow:
>> 1. Http GET request for
>> http://myenabledsite.com/index.php?openid_url=http://getopenid.com/
>> sampleid
>> 2. OpenID processing (possibly requiring authentication)
>> 3. Logged in to myenabledsite.com
>>
>> I would eliminate step 2 of the orginal process.
>> I could bookmark my favourite Open-ID enabled sites with the request
>> parameter added, never having to fill in the form anymore.
>> If I was logged in to my OpenID provider already, I would have a
>> 'true'
>> Single Sign-On experience.
>>
>> It's hard to imagine I would be the first to think of this and
>> there are
>> probably good reasons not to implement OpenID like this. So I am very
>> curious as to what those reasons are.
>> Two, I could think of myself are:
>> 1. that this request parameter would have to be standardised in a
>> way so
>> that users wouldn't have to 'guess' at it
>> 2. that you would still have to find out which page to GET with
>> the request
>> parameter. Not all sites 'start' at /index.php. A possible
>> solution for this
>> would be not to use a request parameter but a standard URL. You
>> would be
>> able to login with OpenID to every enabled site at
>> http://<domain>/openid/<your openid>.
>>
>> Thanks in advance for your feedback.
>>
>> Kind regards,
>> Robin
>>
>> _______________________________________________
>> user-experience mailing list
>> user-experience at openid.net
>> http://openid.net/mailman/listinfo/user-experience
>>
>>
>
>
> --
> Chris Messina
> Citizen Provocateur &
> Open Source Advocate-at-Large
> Work: http://citizenagency.com
> Blog: http://factoryjoe.com/blog
> Cell: 412 225-1051
> Skype: factoryjoe
> This email is: [ ] bloggable [X] ask first [ ] private
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
>
More information about the user-experience
mailing list