|
|
Re: OpenID, YADIS and Directed Identity: msg#00098web.openid.general
Johannes Ernst <jernst+lists.danga.com <at> netmesh.us> writes: > > > ... in my > > scenario, you wouldn't enter "mart.whatever.com" at the initial > > login, screen. > > Instead you would only enter "whatever.com". At this point, then, > > the replying > > part only knows you are somehow attached to "whatever.com". You > > are then > > redirected (302) to whatever.com's login page. Unlike the current > > scenario, > > the identity server (whatever.com) has at this point no idea who > > you are, so > > instead of asking just for your password and presenting the "user" > > field > > already filled out, you would need to specify your user name at > > whatever.com's > > login screen as well. > > Not necessarily. The identity server can have a cookie, shared only > with itself, that identifies who you are. So the sequence would be > > GET relying-party -> HTML form > POST relying party identity=whatever.com -> Redirect to whatever.com > GET whatever.com cookie=myid -> Redirect to whatever.com/myid > GET whatever.com/myid -> Redirect to relying party with signed URL > (if active session, otherwise ask for password first) > > P.S. No hunting party as long as everybody understands that this > is about something other than YADIS 1.0. > > Johannes Ernst > NetMesh Inc. > > > > > http://netmesh.info/jernst > > Hi Johannes! You're right, of course. My point was to emphasize the fact that the identity server has no idea who you are *from* the relying party, which means that subsequent provisioning of a generated ID won't provide a basis for correlation. If you are currently logged in to your identity server, your cookies can trigger "auto-fill" for your user name, when you are redirected to "whatever.com". That's a good point! So, ergonomically, you haven't given up anything important to the relying party yet, but when you arrive at whatever.com's site, it may know who you are through its own devices and thus you haven't really lost any momentum in the process. That's cool. I don't know what the real need/demand is for this functionality, but I do know that I've had to defend/address YADIS/OpenID not having it several times in the past few weeks. Again this is really an OpenID issue, not a YADIS one, and one we can take up later. This is an interesting "upgrade" to consider, though. -Mike |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: OpenID, YADIS and Directed Identity: 00098, Johannes Ernst |
|---|---|
| Next by Date: | Re: Introducing Zooomr, a photo sharing site that speaks your language and OpenID: 00098, Kristopher Tate |
| Previous by Thread: | Re: OpenID, YADIS and Directed Identityi: 00098, Johannes Ernst |
| Next by Thread: | RE: OpenID, YADIS and Directed Identity: 00098, Drummond Reed |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |