RE: Non-interactive logins

2008-07-17 Thread Anders Feder
This looks like an interesting proposal. A 'black box' with regards to how the application obtains assoc_handle and signature from the OP remains, but it looks like a step in the right direction. What remains to be done to elevate this proposal this to standard? ons, 16 07 2008 kl. 15:09 +1000,

Re: Non-interactive logins

2008-07-16 Thread Anders Feder
Let me elaborate on the idea and requirements I have in mind. The use case I'm thinking of is perhaps not so much non-interactivity in particular as it is login with no black boxes. Currently, the RP is supposed to delegate full control of the login process to the URL where the OP redirects the

Re: Non-interactive logins

2008-07-16 Thread Nat Sakimura
, There have been some discussion over the years about using OpenID for non-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)? Thanks

Non-interactive logins

2008-07-15 Thread Anders Feder
Hello, There have been some discussion over the years about using OpenID for non-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)? Thanks

Re: Non-interactive logins

2008-07-15 Thread Scott Kveton
Hi Anders, You might want to check out OAuth ... it was developed for just such a situation. - Scott On Tue, Jul 15, 2008 at 4:20 AM, Anders Feder [EMAIL PROTECTED] wrote: Hello, There have been some discussion over the years about using OpenID for non-interactive logins. Can someone

Re: Non-interactive logins

2008-07-15 Thread Anders Feder
-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)? Thanks. -- Anders Feder [EMAIL PROTECTED

Re: Non-interactive logins

2008-07-15 Thread John Panzer
using OpenID for non-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)? Thanks. -- Anders Feder [EMAIL PROTECTED

Re: Non-interactive logins

2008-07-15 Thread Anders Feder
-interactive logins. Can someone kindly tell me what the status is of this feature? In particular login from non-browser applications - is this currently possible (e.g. using client certificate authentication)? Thanks. -- Anders Feder [EMAIL PROTECTED

RE: Non-interactive logins

2008-07-15 Thread Manger, James H
Hi Anders, There has been some work on this important issue, though it seems to have been dormant for a while. There seem to be two proposals (by Martin Atkins) using OpenID as an HTTP authentication mechanism. It is suitable for non-browser, non-interactive use cases.

Re: Non-interactive logins

2008-07-15 Thread James Henstridge
On Wed, Jul 16, 2008 at 12:38 PM, Anders Feder [EMAIL PROTECTED] wrote: tir, 15 07 2008 kl. 21:28 -0700, skrev John Panzer: And of course any number of extensions could be created to obtain an access token via an alternate path, after which normal OAuth can be used. Sure, but isn't this