mark at nullcraft.org
Thu May 19 19:46:07 PDT 2005
I'm just now jumping in on this conversation, though I wish I had more
time to participate during this phase. That said, please correct me if
I've overlooked some previously discussed issue(s). It would appear that "authentication" has been addressed, but this could easily facilitate other "authorization" mechanisms. Once a user is properly identified, services could be provided beyond just logging/tracking comments.
Christopher Schmidt wrote:
>On Thu, May 19, 2005 at 11:39:59AM -0700, Christopher Whipple wrote:
>>Had an idea this morning for builing comment tracking features into
>>publishing platforms piggybacking on OpenID functionality. Here's how it'd
>>I use my blog url to authenticate - the someblog.com server checks my blog
>>and pings my OpenID server. I'm authenticated and leave my comment. The
>>someblog.com server then checks my blog again to find a url where my blog
>>accepts incoming pings, sends a ping saying "you just left a comment here,
>>here's the comment's permalink and here's some info about the blog where you
>>left the comment". My blogging tool then takes care of tracking/displaying
>Not sure how I see that OpenID is an inherent part of this. For the most
>part, tools up until this point have assumed that the "Address" that
>most servers ask for is actually an accurate representation. Wordpress
>has the concept of "Pingback", which is similar to what you describe,
>although not for comments.
>Is there something specific about OpenID that makes this more
This line of server-to-server interaction interests me very much. One of
the things that I would like to see is a means of binding a guest
(remotely authenticated) user to a session such that the identity server
and the consumer server exchange services between them. The goal that I
had for Drupal using a similar scheme was to have XMLRPC interfaces
between the servers that would tie actions performed on the remote
server to services invoked upon the home/login server, and perhaps
The only thing that would need to be facilitated by the authentication
process would be identifying available services (and perhaps starting an
encrypted dialogue). Disregarding encryption, all this would mean is an
exchange of URLs pointing to service listings. Comment tracking could
be one of these services.
Thus, the only extension that OpenId would need to provide is a link to
a list of services. The format and purpose of this list would perhaps
be outside the scope of OpenId, but it would nonetheless allow willing
sites to implement their own exchanged services. The exchanged
(session?) keys that could be for encryption would just facilitate this
BTW, I'm very eager to see this implemented in the wild and will push to
get it implemented as a Drupal module as soon as practical.
Addendum: I attempted to send this earlier in the day, and it bounced (Damn dyn IP). Any followup hasn't been read yet.
mark on mogda.com
javanaut on drupal.org
poisonkitty on livejournal
phlegmgem on slashdot
Identity crisis? Moi?
More information about the yadis