[step2] Re: OpenID Popup Extension - Draft 0

George Fletcher gffletch at aol.com
Mon Feb 16 20:11:11 UTC 2009


Breno de Medeiros wrote:
>
>
> On Mon, Feb 16, 2009 at 11:31 AM, Ben Clemens 
> <bclemens at currentmedia.com <mailto:bclemens at currentmedia.com>> wrote:
>
>     > I'd still like to see the capability for RP's to provide UI
>     > customizations be available in this extension.
>     >
>     > Another option would be to put add them as optional values to this
>     > extension and then use the OpenID 2 RP discovery mechanism as a
>     way to
>     > verify the RP if that's important to the OP (trusted RP's could be
>     > recognized by the RP's realm).  In additional to title, I like
>     to see an
>     > image representing the RP.
>     >
>     >    openid.ns.ux = http://specs.openid.net/extensions/ux/popup/1.0
>     >    openid.ns.title = "Coffee & Tea Express"
>     >    openid.ns.rpimage = http://cafe-rp.example.com/site/image.jpg
>
>
> Are you proposing to send images on unsigned requests from unknown 
> sources and have the OP dynamically include it in images show to 
> end-users?
Argh... yes, that is what I was suggesting but I forgot that OpenID RP 
requests are not signed. Not sure why they aren't signed if an 
association has been made... but as that's not part of the spec it's not 
a solution.

I still believe this is an important feature, and was hoping to avoid 
out-of-band provisioning as that makes this feature OP specific and RP's 
may have to do different things to work with different OPs. But maybe 
that's the only solution right now:(

Maybe the OpenID 2.1 WG could take on "signed RP authn requests" :) 
Could probably just leverage 2-legged OAuth with the consumer 
token:secret representing the RP.

Thanks,
George
>  
>
>
>     >
>     > We currently have one use case where the description of what the
>     user is
>     > doing changes based on the RP, but that's slightly more related to
>     > something like the OpenID+OAuth hybrid so might not be necessary.
>
>     +1 to that! :)
>
>     _______________________________________________
>     user-experience mailing list
>     user-experience at openid.net <mailto:user-experience at openid.net>
>     http://openid.net/mailman/listinfo/user-experience
>
>
>
>
> -- 
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google 
> Groups "Step2" group.
> To post to this group, send email to step2 at googlegroups.com
> To unsubscribe from this group, send email to 
> step2+unsubscribe at googlegroups.com
> For more options, visit this group at 
> http://groups.google.com/group/step2?hl=en
> -~----------~----~----~----~------~----~------~--~---
>



More information about the user-experience mailing list