<span class="gmail_quote"></span>Yes, that's correct. The idea is to have a partner network of a number of sites that all trust each other, and allow any user of any site in the partner network to move around the network utilizing various services which are tied to an account on that site.
<br><div><span class="sg"><br>- Tony</span></div><div><span class="e" id="q_10d41aea9da5b39a_2"><br><br><div><span class="gmail_quote">On 8/24/06, <b class="gmail_sendername">Drummond Reed</b> <<a href="mailto:drummond.reed@cordance.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
drummond.reed@cordance.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">Tony,</span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">So if I understand this (fascinating)
scenario, what you're really talking about is the capability for any site
A to dynamically begin serving as a "proxy" IdP for a user to
another trusted site B, simply by issuing a URL for accessing site B that
points back to site A as the OpenID IdP.</span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">Do I have that right?</span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">If so, that's both really cool, and –
possibly – a little scary, because the user may not expect/want site A to
act in that proxy IdP capacity.</span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">What do folks think?</span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">=Drummond (i-name: =drummond.reed,
<a href="http://xri.net/=drummond.reed" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://xri.net/=drummond.reed</a>) </span></font></p>
<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<div>
<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">
<hr align="center" size="2" width="100%">
</span></font></div>
<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;">
<a href="mailto:yadis-bounces@lists.danga.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">yadis-bounces@lists.danga.com</a> [mailto:<a href="mailto:yadis-bounces@lists.danga.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
yadis-bounces@lists.danga.com</a>] <b><span style="font-weight: bold;">On Behalf Of </span></b>Tony<br>
<b><span style="font-weight: bold;">Sent:</span></b> Thursday, August 24, 2006
1:21 AM<br>
<b><span style="font-weight: bold;">To:</span></b> <a href="mailto:yadis@lists.danga.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">yadis@lists.danga.com</a><br>
<b><span style="font-weight: bold;">Subject:</span></b> Seamless site-to-site
account creation and login via OpenID</span></font></p>
</div></div><div><span>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;"> </span></font></p>
<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">Thus far I've only read about OpenID and tried it out with some scant
services. However as far as I can tell, the process of creating an
account and logging in to a trusted "partner" site could be made
completely automated, correct? <br>
<br>
Example:<br>
<br>
User has an account on Web Site A. User logs into Site A and a session
cookie is set.<br>
<br>
User wants to access a service on Site B which is part of Site A's trusted
network of partner sites.<br>
<br>
User requests Site B's feature on Site A. Site A directs the user to Site
B, passing their OpenID XRI for Site A to Site B.<br>
<br>
Site B would then contact Site A based on the OpenID to verify User's
identity. Site B would then issue an HTTP redirect for the user to a
specially designed landing URL. <br>
<br>
When User's browser hits the landing URL, Site A checks the session cookie and
sets up the trust relationship with Site B.<br>
<br>
As far as I can tell, this can be 100% seamless and behind the scenes, provided
the user has 1) already logged into Site A and 2) Site A and B trust each other
enough to use OpenID in this manner. <br>
<br>
Correct, or am I missing something?<br>
<br>
Tony Arcieri<br>
ClickCaster.com</span></font></p>
</span></div><div></div>
</div>
</div></blockquote></div><br>
</span></div>