Wondering how to avoid additional round trips... and if there's anything in html5 that would let OPs advertise existence of sessions client side.
Or if there should be (perhaps generalized to a service discovery service on the client). On Monday, December 14, 2009, Chris Obdam <[email protected]> wrote: > Aaahhh. That's nice! > > Wondering how other people think about this subject! > Where can I find more info on this subject, perhaps previous discussions? > > Cheers, > > Chris > > > Op 14 dec 2009, om 12:21 heeft David Recordon het volgende geschreven: > >> Hey Chris, >> Check out Google's openid.ui.x-has-session parameter, it lets your >> discover if a user has an active session with Google. This hasn't >> really been used yet, but there's a general consensus to roll this >> sort of functionality into the UX extension once a few RPs and OPs >> have shown that it works. >> >> --David >> >> On Mon, Dec 14, 2009 at 12:48 AM, Chris Obdam <[email protected]> wrote: >>> Hi all (again ;-)), >>> >>> I have implemented OpenID with quite a lot RP's now. Each time I struggle >>> with the UX. Yes it is becoming more and more effective but it's not there >>> yet. >>> >>> What I would like to offer to my user is automatic discovery of OpenID >>> sessions at the OP. I am already logged in at Google, Hyves (large dutch >>> Social Network), Yahoo and others. But each time I have to select on of >>> those out of a set of OP's which I don't use. >>> >>> When I enter a RP, the RP could do a redirect to a OP (in an iframe for >>> example) and ask if the OP has a logged in user. This could be a simple >>> anonymous request which returns a true or false. If true the UX can be >>> different, you know there is a session so you could automatically start a >>> OpenID transaction for the user. The end user only needs to confirm usages >>> of their data (normal first step OpenID). >>> >>> The RP can decide for it self which OP's to check automatically. >>> >>> Of course we need to make sure that the end user still has a choice in >>> using his own OP. But know the RP knows that this (anonymous) user has an >>> OpenID or not, and if so, where. >>> >>> Yes, this means an extra load on the OP's, but I hope they don't mind. If >>> you supply this service as an Op it means that your users will be using >>> their indentity a bit more on other websites, hopefully. Which is a big +. >>> (Maybe Allen Tom can react on this one? ;-)) >>> >>> I think there a no real privacy issues with this idea? Ok, you know from >>> this anonymous user that he or she has an OpenID with XXX, but is that a >>> bad thing? >>> >>> Hope to get some comments on my thoughts! >>> >>> Cheers, >>> >>> Chris >>> OpenID Holland >>> _______________________________________________ >>> specs mailing list >>> [email protected] >>> http://lists.openid.net/mailman/listinfo/openid-specs >>> > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs > -- -- John Panzer / Google [email protected] / abstractioneer.org / @jpanzer _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
