FOSS needs a central bug tracker
Kevin Kofler
kevin.kofler at chello.at
Sun Apr 26 06:21:20 UTC 2009
Bill Crawford wrote:
> Google is taking advantage of a feature in OpenID 2.0 known as "Directed
> Identity". This allows an OpenID 2.0 Relying Party to start the OpenID
> protocol flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to
> allow for "one click" style login dialogues. By performing discovery on
> this URL, using the XRDS XML format, the OpenID Provider advertises the
> OpenID Endpoint URL for the Relying Party to make a request against.
> Google is doing this correctly with the URL to perform discovery against
> being https://www.google.com/accounts/o8/id.
And how are the sites supposed to know this URL? By hardcoding a list of
such URLs? (Yuck! That pretty much defeats the point of OpenID and brings
us back to a hardcoded list of ID providers.) Or by asking the user to
paste it? (Even worse, now the user has to paste an obscure URL *and* enter
their e-mail address rather than just pasting an obscure URL, what problem
does that solve?)
Kevin Kofler
More information about the fedora-devel-list
mailing list