OpenId as an ad-hoc federator

S. Sriram ssriram at
Sun Oct 9 15:51:37 PDT 2005

OpenId as an ad-hoc federator:

Could someone point out why such a scenario may not

Site A has it's own identity island. It asks user for his
OpenID , validates it and stores it away.

Site B does the same thing.

Site B offers a rest api
 and expects an OpenID in the XML POST data

Now, when user at Site A wants to get his data from Site B
to use within site A, it becomes ez since all Site A has
to do is call the Site B's REST api call with user's openID.
Site B of course only passes on the data on user openid

Advantages to the user are: He does not need to provide Site A with
all his usernames & passwords for all the different services.

I'd be interested in knowing what weaknesses if any are there to this model.

S. Sriram

More information about the yadis mailing list