Seamless site-to-site account creation and login via OpenID

Drummond Reed drummond.reed at
Thu Aug 24 19:25:45 UTC 2006



So if I understand this (fascinating) scenario, what you're really talking
about is the capability for any site A to dynamically begin serving as a
"proxy" IdP for a user to another trusted site B, simply by issuing a URL
for accessing site B that points back to site A as the OpenID IdP.


Do I have that right?


If so, that's both really cool, and - possibly - a little scary, because the
user may not expect/want site A to act in that proxy IdP capacity.


What do folks think?


=Drummond (i-name: =drummond.reed, 



From: yadis-bounces at [mailto:yadis-bounces at]
On Behalf Of Tony
Sent: Thursday, August 24, 2006 1:21 AM
To: yadis at
Subject: Seamless site-to-site account creation and login via OpenID


Thus far I've only read about OpenID and tried it out with some scant
services.  However as far as I can tell, the process of creating an account
and logging in to a trusted "partner" site could be made completely
automated, correct? 


User has an account on Web Site A.  User logs into Site A and a session
cookie is set.

User wants to access a service on Site B which is part of Site A's trusted
network of partner sites.

User requests Site B's feature on Site A.  Site A directs the user to Site
B, passing their OpenID XRI for Site A to Site B.

Site B would then contact Site A based on the OpenID to verify User's
identity.  Site B would then issue an HTTP redirect for the user to a
specially designed landing URL. 

When User's browser hits the landing URL, Site A checks the session cookie
and sets up the trust relationship with Site B.

As far as I can tell, this can be 100% seamless and behind the scenes,
provided the user has 1) already logged into Site A and 2) Site A and B
trust each other enough to use OpenID in this manner. 

Correct, or am I missing something?

Tony Arcieri
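
An added sketch, not part of either message, of the decision Site A would make as the IdP in the flow described above, using OpenID 1.x immediate mode (`checkid_immediate`) as the silent request from Site B. The partner list, session store, per-user consent record (which models the concern raised in the reply) and the simplified signature are all constructed assumptions, not a conforming OpenID implementation.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample state for Site A (the IdP); every name here is hypothetical.
PARTNER_TRUST_ROOTS = {"https://site-b.example/"}
SESSIONS = {"cookie-123": "https://site-a.example/users/tony"}
USER_CONSENT = {("https://site-a.example/users/tony", "https://site-b.example/")}
ASSOC_SECRET = b"constructed-shared-secret"  # stands in for an OpenID association


def handle_checkid_immediate(params, session_cookie):
    """Decide Site A's reply to Site B's openid.mode=checkid_immediate request."""
    identity = params["openid.identity"]
    return_to = params["openid.return_to"]
    trust_root = params.get("openid.trust_root", return_to)

    # return_to must sit under the trust root, otherwise the assertion could
    # be delivered somewhere other than the partner that was approved.
    if not return_to.startswith(trust_root):
        return {"status": "error", "reason": "return_to outside trust_root"}

    logged_in_as = SESSIONS.get(session_cookie)
    approved = (
        logged_in_as == identity                      # session belongs to this identity
        and trust_root in PARTNER_TRUST_ROOTS         # Site A trusts Site B
        and (identity, trust_root) in USER_CONSENT    # the user agreed to this pairing
    )
    if not approved:
        # Immediate mode cannot show UI, so Site B must fall back to a visible step.
        return {"status": "setup_needed"}

    signed = {"openid.mode": "id_res", "openid.identity": identity,
              "openid.return_to": return_to}
    # Simplified signature: HMAC-SHA1 over key:value lines, hex encoded.
    token = "".join(f"{k}:{v}\n" for k, v in signed.items()).encode()
    signed["openid.sig"] = hmac.new(ASSOC_SECRET, token, hashlib.sha1).hexdigest()
    return {"status": "ok", "redirect": return_to + "?" + urlencode(signed)}
```

The login is only seamless when all three conditions hold; removing the consent record turns the same request into a visible setup step instead of a silent assertion.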
