[step2] Re: OpenID Popup Extension - Draft 0
George Fletcher
gffletch at aol.com
Mon Feb 16 20:11:11 UTC 2009
Breno de Medeiros wrote:
>
>
> On Mon, Feb 16, 2009 at 11:31 AM, Ben Clemens
> <bclemens at currentmedia.com <mailto:bclemens at currentmedia.com>> wrote:
>
> > I'd still like to see the capability for RP's to provide UI
> > customizations be available in this extension.
> >
> > Another option would be to put add them as optional values to this
> > extension and then use the OpenID 2 RP discovery mechanism as a
> way to
> > verify the RP if that's important to the OP (trusted RP's could be
> > recognized by the RP's realm). In additional to title, I like
> to see an
> > image representing the RP.
> >
> > openid.ns.ux = http://specs.openid.net/extensions/ux/popup/1.0
> > openid.ns.title = "Coffee & Tea Express"
> > openid.ns.rpimage = http://cafe-rp.example.com/site/image.jpg
>
>
> Are you proposing to send images on unsigned requests from unknown
> sources and have the OP dynamically include it in images show to
> end-users?
Argh... yes, that is what I was suggesting but I forgot that OpenID RP
requests are not signed. Not sure why they aren't signed if an
association has been made... but as that's not part of the spec it's not
a solution.
I still believe this is an important feature, and was hoping to avoid
out-of-band provisioning as that makes this feature OP specific and RP's
may have to do different things to work with different OPs. But maybe
that's the only solution right now:(
Maybe the OpenID 2.1 WG could take on "signed RP authn requests" :)
Could probably just leverage 2-legged OAuth with the consumer
token:secret representing the RP.
Thanks,
George
>
>
>
> >
> > We currently have one use case where the description of what the
> user is
> > doing changes based on the RP, but that's slightly more related to
> > something like the OpenID+OAuth hybrid so might not be necessary.
>
> +1 to that! :)
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net <mailto:user-experience at openid.net>
> http://openid.net/mailman/listinfo/user-experience
>
>
>
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google
> Groups "Step2" group.
> To post to this group, send email to step2 at googlegroups.com
> To unsubscribe from this group, send email to
> step2+unsubscribe at googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/step2?hl=en
> -~----------~----~----~----~------~----~------~--~---
>
More information about the user-experience
mailing list