OpenID, YADIS and Directed Identity
Johannes Ernst
jernst+lists.danga.com at netmesh.us
Sun Feb 12 20:25:42 UTC 2006
> ... in my
> scenario, you wouldn't enter "mart.whatever.com" at the initial
> login, screen.
> Instead you would only enter "whatever.com". At this point, then,
> the replying
> part only knows you are somehow attached to "whatever.com". You
> are then
> redirected (302) to whatever.com's login page. Unlike the current
> scenario,
> the identity server (whatever.com) has at this point no idea who
> you are, so
> instead of asking just for your password and presenting the "user"
> field
> already filled out, you would need to specify your user name at
> whatever.com's
> login screen as well.
Not necessarily. The identity server can have a cookie, shared only
with itself, that identifies who you are. So the sequence would be
GET relying-party -> HTML form
POST relying party identity=whatever.com -> Redirect to whatever.com
GET whatever.com cookie=myid -> Redirect to whatever.com/myid
GET whatever.com/myid -> Redirect to relying party with signed URL
(if active session, otherwise ask for password first)
P.S. No hunting party ;-) as long as everybody understands that this
is about something other than YADIS 1.0.
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/yadis/attachments/20060212/3aa6fcb7/lid-0001.gif
-------------- next part --------------
http://netmesh.info/jernst
More information about the yadis
mailing list