[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FOSS needs a central bug tracker



Bill Crawford wrote:
> Google is taking advantage of a feature in OpenID 2.0 known as "Directed
> Identity". This allows an OpenID 2.0 Relying Party to start the OpenID
> protocol flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to
> allow for "one click" style login dialogues. By performing discovery on
> this URL, using the XRDS XML format, the OpenID Provider advertises the
> OpenID Endpoint URL for the Relying Party to make a request against.
> Google is doing this correctly with the URL to perform discovery against
> being https://www.google.com/accounts/o8/id.

And how are the sites supposed to know this URL? By hardcoding a list of
such URLs? (Yuck! That pretty much defeats the point of OpenID and brings
us back to a hardcoded list of ID providers.) Or by asking the user to
paste it? (Even worse, now the user has to paste an obscure URL *and* enter
their e-mail address rather than just pasting an obscure URL, what problem
does that solve?)

        Kevin Kofler


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]