[OpenID] FB Connect, OpenID and UX

David Fuelling sappenin at gmail.com
Tue Dec 16 19:21:14 UTC 2008


On Tue, Dec 16, 2008 at 4:41 PM, Johannes Ernst <jernst+openid.net@
netmesh.us> wrote:

> It's a bit more complicated than that. In many of those cases there is a
> requirement that some service (say the travel site, for argument's sake)
> cannot tell the difference whether it was the executive or the assistant who
> logged in. (Let's call it the vanity argument: executive is trying to
> pretend that she can be on top of all things at the same time)
>
> Also, the information that assistant is allowed to act on behalf of the
> executive should be centralized in one place (perhaps the corporate
> directory, for argument's sake), while relying parties should not have to be
> modified to allow for this delegation model or, see above, not even be able
> to tell.
>
> I'm thinking that some kind of chained identity might help ... where, say,
> assistant uses OpenID example.com/alice and executive uses example.com/bob,
> both of which can be used to authenticate into the account
> example.com/executive. That latter OpenID would then be used by either to
> log into the travel site.
>
>
Couldn't you use OAuth here, except instead of providing access to an
application, you're providing access to a piece of what a particular user
could use?  After all, isn't OAuth about authorization?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20081216/71623dbf/attachment-0002.htm>


More information about the user-experience mailing list