Non-interactive logins

2008-07-15 Thread Anders Feder
Hello, There have been some discussion over the years about using OpenID for non-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)?

Re: Non-interactive logins

2008-07-15 Thread Scott Kveton
Hi Anders, You might want to check out OAuth ... it was developed for just such a situation. - Scott On Tue, Jul 15, 2008 at 4:20 AM, Anders Feder [EMAIL PROTECTED] wrote: Hello, There have been some discussion over the years about using OpenID for non-interactive logins. Can someone

Re: Non-interactive logins

2008-07-15 Thread Anders Feder
If I'm not mistaken, OAuth requires the user to approve the authentication request in her browser, which is an interactive action. Joseph Holsten pointed me to Appendix A of the OAuth specification for an example. In step A.3, The Consumer redirects Jane’s browser to the Service Provider User

OpenID with Acegi Security for Springs

2008-07-15 Thread Shweta Kumbar
Hi, Has anyone integrated OpenID with Acegi security for Springs? I need help on this. Regards, Shweta DISCLAIMER: This message (including attachment if any) is confidential and may be privileged. If you have received this message by mistake please notify the sender by return e-mail

Re: Non-interactive logins

2008-07-15 Thread John Panzer
Anders Feder wrote: If I'm not mistaken, OAuth requires the user to approve the authentication request in her browser, which is an interactive action. This is true, but this only needs to be done when obtaining an access token, which can be used potentially forever without further

Re: Non-interactive logins

2008-07-15 Thread Anders Feder
tir, 15 07 2008 kl. 21:28 -0700, skrev John Panzer: And of course any number of extensions could be created to obtain an access token via an alternate path, after which normal OAuth can be used. Sure, but isn't this equally true for OpenID? If that is the case, I would like to ask the list if

RE: Non-interactive logins

2008-07-15 Thread Manger, James H
Hi Anders, There has been some work on this important issue, though it seems to have been dormant for a while. There seem to be two proposals (by Martin Atkins) using OpenID as an HTTP authentication mechanism. It is suitable for non-browser, non-interactive use cases.

Re: Non-interactive logins

2008-07-15 Thread James Henstridge
On Wed, Jul 16, 2008 at 12:38 PM, Anders Feder [EMAIL PROTECTED] wrote: tir, 15 07 2008 kl. 21:28 -0700, skrev John Panzer: And of course any number of extensions could be created to obtain an access token via an alternate path, after which normal OAuth can be used. Sure, but isn't this