openid.ui.mode for embedded devices

Hitoshi Uchida hitoshi.uchida at
Thu Feb 18 16:09:16 UTC 2010

Hi Allen,

Thank you for your comment.

> Although users generally authenticate with their OpenID Provider using a
> username/password, the OpenID spec does not require users to have passwords.
> OpenID currently requires users to have browsers so that users can
> authenticate using other methods besides a password.

I think, for instance, you mean a use case using PAPE because OP may
use CAPTCHA to authenticate the user in addition to username/password.
And also,  web browser would be needed for rich user interface for
login page.
However, concerning other method besides a password you mentioned, I
think almost of 'real' OP actually authenticate users by using only
And if OpenID specification limits only web browser use case, I think
OpenID wouldn't be spread to various use case; that is, OpenID would
be used only in web application use case.
As you know, recently many large and small embedded devices can
connect to internet, and they would like to obtain authentication way.
Especially small devices would like to delegate the authentication
process to external components or services.

> If you do expect to authenticate users with a username/password on a
> browserless client, then I suggest looking at Oauth-WRAP's username/password
> profile defined in section 5.3 of the WRAP spec.

Although the profile targets a browser-less use case, installed
applications are targeted like iPhoto collaborating with Flickr. The
use case I mentioned is that the devices and RP isn't same position.

Concerning OAuth WRAP 5.4 'Web App Profile' also expects User has browser.
So, the new openid.ui.mode for embedded devices I mentioned in
previous mail would be also useful to OAuth WRAP if OP uses OpenID
OAuth hybrid protocol like Google Federated Login API.

Best Regards,
Hitoshi Uchida <hitoshi.uchida at>

More information about the user-experience mailing list