Re: OpenID Exchange
Recordon, David wrote: > Awesome, glad to see this! Would be great as Johannes said to see some > flow examples and how you'd see it integrate to do something like > exchange profile data or post a photo on your blog. Would love to see > this formalized and happy to help however I can! > I'm hoping to get some working demo examples done this weekend in some form or other, if I get time. Failing that, I'll at least try to get some written, theoretical examples written up for the scenarios I listed in my original message. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: OpenID Exchange
Awesome, glad to see this! Would be great as Johannes said to see some flow examples and how you'd see it integrate to do something like exchange profile data or post a photo on your blog. Would love to see this formalized and happy to help however I can! --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Wednesday, December 13, 2006 4:44 AM To: specs@openid.net Subject: OpenID Exchange I have made an early draft of a spec called OpenID Exchange on the wiki: <http://openid.net/wiki/index.php/OpenID_Exchange_1.0> The goal of this protocol is to allow user-accompanied HTTP requests. "user-accompanied" means that a consumer makes a request to a service on behalf of a user and the user reviews and approves the request. Example applications of this include: * Zooomr posting photos into your blog with your one-time approval, without disclosing your login credentials. [1] * Fetching of user profile information. * Social networking friendship handshakes. [2] The protocol should, in theory, be able to act as a transport for any HTTP-based protocol such as SOAP and AtomAPI, as well as for simple GET requests. The protocol for "post in my blog" could, for example, just be an AtomAPI POST request made over OpenID Exchange. This is still work-in-progress. The spec needs lots of refinement and at some point I'll have to make a demo or two. [1] You can still see the results of the demo of my earlier version of this on LiveJournal, albeit without the pictures: <http://openrpcdemo.livejournal.com/> [2] Discussed further in my blog entry on social networking: <http://www.apparently.me.uk/623.html> ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: OpenID Exchange
It would be very helpful if you could write up a full example scenario executing the protocol flow. Using something like a (hypothetical) Mashup as an example. On Dec 13, 2006, at 4:43, Martin Atkins wrote: > > I have made an early draft of a spec called OpenID Exchange on the > wiki: > <http://openid.net/wiki/index.php/OpenID_Exchange_1.0> > > The goal of this protocol is to allow user-accompanied HTTP requests. > "user-accompanied" means that a consumer makes a request to a > service on > behalf of a user and the user reviews and approves the request. > > Example applications of this include: > * Zooomr posting photos into your blog with your one-time approval, > without disclosing your login credentials. [1] > * Fetching of user profile information. > * Social networking friendship handshakes. [2] > > The protocol should, in theory, be able to act as a transport for any > HTTP-based protocol such as SOAP and AtomAPI, as well as for simple > GET > requests. The protocol for "post in my blog" could, for example, > just be > an AtomAPI POST request made over OpenID Exchange. > > This is still work-in-progress. The spec needs lots of refinement > and at > some point I'll have to make a demo or two. > > [1] You can still see the results of the demo of my earlier version > of this on LiveJournal, albeit without the pictures: > <http://openrpcdemo.livejournal.com/> > > [2] Discussed further in my blog entry on social networking: > <http://www.apparently.me.uk/623.html> > > > ___ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: OpenID Exchange
this is exactly what we are trying to come up (at AOL) too. This fits in well for bridging Open Authentication with Open Web Services. Although in our version (internal - not published yet) we tried to keep the EndPoint (SP) & OP separate and use a security token instead of the transaction handle to bootstrap on - so by the time the Consumer makes a call to the SP, it already has a Security Token that it can pass on to the SP and the SP doesn't need to do the Authentication again. We also talked (internally) about an Interaction Service (liberty specs) 'like' extension to OpenId that can be optionally be supported by the OP (will be defined in the yadis doc). So let's say if an OpenId user tries to access a Consumer site (a mashup in web 2.0 world) which tries to get his albums from Pictures Service, the Consumer site can do the authentication with OP and ask for a security token that it can use to make a web services (SOAP/REST/etc..) request to the Pictures Services. The Pictures Service can validate the token, and check for user rights either locally or at OP (if defined in OP's Yadis doc) and return the data if the user has previously given consent. If not, Pictures Service can ask the Consumer to redirect the user in the browser to a Url - which can be either the Picture Service's own web app or to the OP with parameters required to collect the user's consent. There are definitely both pros & cons in doing it with one being that the user's permissions are stored at this own (trusted) OP rather than at each SP separately - so the user can go to one place and manage his permissions.Would like to see what others think about this approach. We didn't push the spec to the openid gang yet as at the IIW last week, we heard of new extensions like Assertion Quality Extension, and the huge interest in SAML-OpenId convergence, which seemed like opening up other ways to achieve the same. We would be more than happy to help & support you with formalizing the spec, usecases, etc.. regards, =praveen.alavilli [EMAIL PROTECTED] wrote: > I have made an early draft of a spec called OpenID Exchange on the wiki: > <http://openid.net/wiki/index.php/OpenID_Exchange_1.0> > > The goal of this protocol is to allow user-accompanied HTTP requests. > "user-accompanied" means that a consumer makes a request to a service on > behalf of a user and the user reviews and approves the request. > > Example applications of this include: > * Zooomr posting photos into your blog with your one-time approval, > without disclosing your login credentials. [1] > * Fetching of user profile information. > * Social networking friendship handshakes. [2] > > The protocol should, in theory, be able to act as a transport for any > HTTP-based protocol such as SOAP and AtomAPI, as well as for simple GET > requests. The protocol for "post in my blog" could, for example, just be > an AtomAPI POST request made over OpenID Exchange. > > This is still work-in-progress. The spec needs lots of refinement and at > some point I'll have to make a demo or two. > > [1] You can still see the results of the demo of my earlier version > of this on LiveJournal, albeit without the pictures: > <http://openrpcdemo.livejournal.com/> > > [2] Discussed further in my blog entry on social networking: > <http://www.apparently.me.uk/623.html> > > > ___ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
OpenID Exchange
I have made an early draft of a spec called OpenID Exchange on the wiki: <http://openid.net/wiki/index.php/OpenID_Exchange_1.0> The goal of this protocol is to allow user-accompanied HTTP requests. "user-accompanied" means that a consumer makes a request to a service on behalf of a user and the user reviews and approves the request. Example applications of this include: * Zooomr posting photos into your blog with your one-time approval, without disclosing your login credentials. [1] * Fetching of user profile information. * Social networking friendship handshakes. [2] The protocol should, in theory, be able to act as a transport for any HTTP-based protocol such as SOAP and AtomAPI, as well as for simple GET requests. The protocol for "post in my blog" could, for example, just be an AtomAPI POST request made over OpenID Exchange. This is still work-in-progress. The spec needs lots of refinement and at some point I'll have to make a demo or two. [1] You can still see the results of the demo of my earlier version of this on LiveJournal, albeit without the pictures: <http://openrpcdemo.livejournal.com/> [2] Discussed further in my blog entry on social networking: <http://www.apparently.me.uk/623.html> ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs