Re: OpenID Login Page Link Tag

[Martin Atkins]

Drummond Reed wrote:
 I initially agreed as well. But to play devil's advocate, the link-to-XRDS
 option could actually be pretty efficient. Any HTML page could simply
 advertise the availability of its Yadis XRDS file using an XRDS link in the
 header. Assuming that many or all of the pages on a site would be covered by
 the same XRDS file, the browser would only need to download it once to cover
 the entire site. The XRDS would expire (using the same cache control that
 XRI resolvers use) and be refreshed as needed.
 
 This is the architecture that P3P used
 (http://www.w3.org/TR/P3P/#ref_syntax). 
 
 The XRDS file could provide discovery of multiple services representing the
 RP, not just the login page.
 

This is not incredibly different to what happens when you have a 
site-wide CSS stylesheet. In fact, it is possibly *better* than that 
situation since you don't need to delay page rendering while waiting for 
the Yadis document to download.

I wonder, though, whether we are asking too much of browsers' plugin 
interfaces? This is an honest question, as someone who's never written a 
browser chrome plugin before.

I guess IE's ones are just COM objects and can thus do whatever they 
like, but what of Firefox? Chrome overlays? Does that mean that they can 
access the HTTP component somehow to make HTTP requests?

I think Opera's pretty unlikely as it has no real plugin interface to 
speak of. I have no idea at all about Safari.

Anyone care to elaborate? There's no point in speccing something that's 
unimplementable, but it's probably okay as long as IE and Firefox can do 
it; the others can just catch up later.


___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID Form Clarification (A.4))

[Johannes Ernst]

Isn't this a case where the Yadis infrastructure should be used  
instead of Yet Another Link Tag?



On Oct 19, 2006, at 8:21, Drummond Reed wrote:

Martin, I agree with Dick, this is a fascinating idea. P3P had the  
same idea
notion for a site advertising the location of the P3P privacy  
policy: it
defined a standard HTML/XHTML link tag that could be put on any  
page of a
site that told the browser where to locate the P3P policy document  
for the

site (or for any portion of the site).

http://www.w3.org/TR/P3P/#ref_syntax

Are you proposing the same thing for OpenID login?

(Kewl!)

=Drummond

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On  
Behalf

Of Dick Hardt
Sent: Thursday, October 19, 2006 12:53 AM
To: Martin Atkins
Cc: specs@openid.net
Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)


On 19-Oct-06, at 12:35 AM, Martin Atkins wrote:


Dick Hardt wrote:


In order for the RUA to detect that a site supports OpenID, it  
sees a
form with a single input with a name of openid_identiifier. The  
RUA

can then look at the action and post the data directly to the RP.



I think it'd be better to implement this as either a META or a LINK
element alongside a standard protocol for communicating with the
nominated URL.

This way the site can declare on *all pages*, rather than on the
forms-based login page, that it accepts OpenID auth. This allows the
user to go to the RP's home page (or any other page) and click the
OpenID Login button on the browser's toolbar and have it work.


That is an interesting idea. Would you like to take a stab at more
specifics?

-- Dick
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs


Johannes Ernst
NetMesh Inc.



 http://netmesh.info/jernst




___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs