Re: OpenID Trusted Authentication Extension

2007-09-01 Thread John Ehn
On 8/31/07, James Henstridge [EMAIL PROTECTED] wrote: You still want the user involved in the granting of an authentication token though, right? Trying to replace the UA in the authentication workflow is quite a big change, and limits what the OP can do. Yes, granting the secret must be

Re: OpenID Trusted Authentication Extension

2007-08-31 Thread John Ehn
Well, I've slept on it. I think we have a difference in philosophy. The other Extesions - AX, Simple Registration, etc. - follow the same data flow methodology: RP - UA - OP RP - UA - OP I believe I'm sticking to the same principles in my spec. We are doing the very same thing when we collect

Re: OpenID Trusted Authentication Extension

2007-08-31 Thread James Henstridge
On 31/08/2007, John Ehn [EMAIL PROTECTED] wrote: Well, I've slept on it. I think we have a difference in philosophy. The other Extesions - AX, Simple Registration, etc. - follow the same data flow methodology: RP - UA - OP RP - UA - OP With my proposed workflow, it'd be going through the

Re: OpenID Trusted Authentication Extension

2007-08-30 Thread James Henstridge
On 26/08/07, John Ehn [EMAIL PROTECTED] wrote: I have created a draft of a new specification that I think will help to fill a gap in OpenID functionality. What appears to be a newer productivity feature of many websites is the ability to import and utilize information from other sites. For

Re: OpenID Trusted Authentication Extension

2007-08-30 Thread John Ehn
James, Sorry, but I'm having problems following the flow. It seems like an interesting idea, though. Can you provide with a little more information on how these components would interact? I was really trying to keep everything dumb and simple. The concept I was going for was piggy-back on

Re: OpenID Trusted Authentication Extension

2007-08-30 Thread James Henstridge
On 30/08/2007, John Ehn [EMAIL PROTECTED] wrote: James, Sorry, but I'm having problems following the flow. It seems like an interesting idea, though. Can you provide with a little more information on how these components would interact? Okay. The basic idea was that instead of creating a

Re: OpenID Trusted Authentication Extension

2007-08-30 Thread John Ehn
Ahhh, I see what you're going for. It's a very interesting idea. On 8/30/07, James Henstridge [EMAIL PROTECTED] wrote: On 30/08/2007, John Ehn [EMAIL PROTECTED] wrote: James, Sorry, but I'm having problems following the flow. It seems like an interesting idea, though. Can you provide

Re: OpenID Trusted Authentication Extension

2007-08-29 Thread John Ehn
Chris, I want to start off by saying how horribly inappropriate it is to use the OpenID specifications mailing list to peddle an authentication standard that has absolutely nothing to do with OpenID. I find it interesting that so many of the OAuth community have taken time out of their busy

Re: OpenID Trusted Authentication Extension

2007-08-28 Thread Chris Messina
Hi John, Looks like there's some consensus around OAuth... ;) I helped to get OAuth off the ground to solve the very problem that you're looking to solve -- in our case, enabling Ma.gnolia OpenID users to use Dashboard Widgets and Twitter API users to authenticate their apps, eventually using

Re: OpenID Trusted Authentication Extension

2007-08-27 Thread David Fuelling
John, Have a look at OAuth (http://groups.google.com/group/oauth). I think it's currently a private google group, but it seems like you've given a lot of thought to this type of thing, so I'm sure the group owners would welcome your input. There's a lot of activity going on over there. David

OpenID Trusted Authentication Extension

2007-08-26 Thread John Ehn
I have created a draft of a new specification that I think will help to fill a gap in OpenID functionality. What appears to be a newer productivity feature of many websites is the ability to import and utilize information from other sites. For instance, Basecamp provides an API that allows other