Re: Non-interactive logins
Hi Anders, You might want to check out OAuth ... it was developed for just such a situation. - Scott On Tue, Jul 15, 2008 at 4:20 AM, Anders Feder [EMAIL PROTECTED] wrote: Hello, There have been some discussion over the years about using OpenID for non-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)? Thanks. -- Anders Feder [EMAIL PROTECTED] ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Tiny RDF Schema at openid.net?
With just a quick look at this, it seems like a good idea. I'd like to see it happen somehow. Anybody see any problems with doing this? - Scott On 1/29/07 2:13 AM, Benjamin Nowack [EMAIL PROTECTED] wrote: Hi, I was wondering if you guys could be persuaded to host a little RDF Schema file on the openid.net site. As far as I can tell, there is great support for OpenID among SemWeb folks as it can be combined with things like FOAF for all sorts of cool applications. People recently started to write RDF extractors for the OpenID hooks embedded in HTML (openid.server/delegate). As these hooks are in line with the Dublin Core guidelines [1], there are even multiple ways to do this. The only thing we're missing for more widespread use is an agreed-on namespace URI for the core openID terms (server and delegate). And ideally this would be an openid.net one. So here is my request: any chance we could put a little RDF Schema file on the openid server? We would of course provide the file (it'd be just 5-10 lines of XML), and the actual URL/path doesn't really matter. An alternative could be to host it in some other stable URI space, Dan Connolly (CC'd) might be able to provide one at w3.org, not sure. It would be cool to get your blessing either way, though. Cheers in advance for perhaps considering it, Ben -- Benjamin Nowack Kruppstr. 100 45145 Essen, Germany http://www.bnode.org/ [1] http://www.dublincore.org/documents/dcq-html/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: [OpenID] OpenID and phishing (was Announcing OpenID Authentication2.0 - Implementor's Draft 11)
Still totally unhappy about the phishing issues, which I blogged about here: http://www.links.org/?p=187 I have a proposal which I think could greatly reduce the risk of phishing: identity providers should /never/ display their login form (or a link to the form) on a page that has been redirected to by an OpenID consumer. Instead, they should instruct the user to navigate to the login page themselves. The login page should have a short, memorable URL and users should be encouraged to bookmark it themselves when they sign up for the provider. The OpenID landing page then becomes an opportunity to help protect users against phishing rather than just being a vector for the attack. I've fleshed this out on my blog: http://simonwillison.net/2007/Jan/19/phishing/ Does that sound workable? One of the greatest strengths of OpenID is the ability for website operators to lower the barrier to engagement ... User shows up, user enters OpenID, user is then immediately participating in discussion/posts/comments/etc. I'm afraid this proposal takes away from that by forcing the user to lose the flow ... Of course its that flow that is the problem in terms of phishing. What if the OP cataloged where you just came from and then presented the screen that you mention? The user is asked to navigate via a bookmark or entering the URL in the location bar and then upon logging in is presented with a link back to the site they just came from. Then the user can quickly engage and the site can still kick of the SREG mojo instead of having to go _back_ to the site in question to re-initiate the login. Would that work or am I missing something obvious? - Scott ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Mailing List etiquette question.
+1. Don't be shy to speak your mind. On 11/30/06 6:48 PM, Recordon, David [EMAIL PROTECTED] wrote: Hi Gavin, As being one that often floats proposals to the list, I'd encourage people to voice their opinions even if it is just agreeing with someone else. With silence it is hard to know if people agree with you, think you're crazy, don't care, or haven't read it. --David -Original Message- From: Gavin Baumanis [mailto:[EMAIL PROTECTED] Sent: Thursday, November 30, 2006 06:35 PM Pacific Standard Time To: [EMAIL PROTECTED]; specs@openid.net Subject:Mailing List etiquette question. Hi everyone, Just a quick question. I was about to send a reply in support of Avery's suggestion, but before I did thought I would ask; Is it appropriate to respond to the list with, Yes - I agree - that seems like a simple / easily implemented solution (in essence adding support to the proposal, allowing all subscribers to gauge the worthiness of the suggestion - yet, not adding in any new information) On the other hand, it almost seems like spamming the list? Thanks. Gavin RMIT University, Melbourne, Australia. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Changing Terminology (was RE: IdP term in spec (was RE: Delegationdiscussion summary))
I'd really prefer not to change terminology in the spec right now. Seems like something we should have thought about four months ago versus a week after we said it would be final. There is nothing saying user friendly terms that map to spec terms can't be created for the time being. I do however think there will need to be healthy discussion around them, that takes longer than a week. :) +1 to all points. - Scott ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Delegation discussion summary
I would propose that the term Homesite be used when prompting the user to type in their IdP. I think the term Identity Provider is overloaded and not user friendly. As per my last email I feel the same way about identity provider as well ... I agree with Dick; too overloaded and not user friendly. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Delegation discussion summary
I kinda get homesite, but I don't understand the thinking behind membersite: What is this site supposed to be a member of? It was a member of the network of sites running the protocol. Membersite sounds too much like you have to join some club to participate. I feel the same way about homesite. I'm all for finding more consumer-friendly terminology for this but I've yet to hear anything that rings true. In the case of http you have web server which is served up by a web site ... Instead of http provider and http destination ... Maybe we need to make this even simpler than we are? Could it be as simple (and I'm not really suggesting these) as login server and login site? What does the wider community think? How do LiveJournal users refer to this concept today? - Scott ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs