OpenId as an ad-hoc federator
S. Sriram
ssriram at gmail.com
Sun Oct 9 15:51:37 PDT 2005
OpenId as an ad-hoc federator:
Could someone point out why such a scenario may not
work.
Site A has it's own identity island. It asks user for his
OpenID , validates it and stores it away.
Site B does the same thing.
Site B offers a rest api
siteb.com/api/mydata
and expects an OpenID in the XML POST data
Now, when user at Site A wants to get his data from Site B
to use within site A, it becomes ez since all Site A has
to do is call the Site B's REST api call with user's openID.
Site B of course only passes on the data on user openid
validation.
Advantages to the user are: He does not need to provide Site A with
all his usernames & passwords for all the different services.
I'd be interested in knowing what weaknesses if any are there to this model.
Thanks
S. Sriram
More information about the yadis
mailing list