Seemless Single Signon
Martin Atkins
mart at degeneration.co.uk
Fri May 20 06:53:52 PDT 2005
Sam Ruby wrote:
>
> Nothing is shared between sites.
>
> There is no need to involve my server during the composition of my request.
>
> Everything necessary to compose a message which is signed with
> information unique to my server can be done locally, in javascript.
>
> And it can all be done without any user interaction.
>
Sorry. I misunderstood what you were saying. It is true that the
signature request can happen without making any kind of request to the
consumer site in the presence of some OpenID-specific code in the
browser. That is what the "Browser Login Plugin" thread was all about,
in fact. My post at the head of that thread essentially proposed what
you are proposing, albeit with a different user interface and discovery
mechanism:

<http://lists.danga.com/pipermail/yadis/2005-May/000087.html>

A form naming convention would serve the same purpose as the HEAD
metadata I proposed, if perhaps making it a little harder to "discover"
the necessary information.

The only part that cannot currently be automated is the approval on the
ID server. For that to work, there would need to be some kind of
protocol for the plugin/bookmarklet/filter/whatever to tell the ID
server behind the scenes that the site is approved. Of course, this must
be designed with an appropriate amount of care to avoid websites
pre-approving a user themselves.