OpenID, YADIS and Directed Identity

Johannes Ernst jernst+lists.danga.com at netmesh.us
Sun Feb 12 20:25:42 UTC 2006


> ... in my scenario, you wouldn't enter "mart.whatever.com" at the initial
> login screen. Instead you would only enter "whatever.com". At this point,
> then, the relying party only knows you are somehow attached to
> "whatever.com". You are then redirected (302) to whatever.com's login page.
> Unlike the current scenario, the identity server (whatever.com) has at this
> point no idea who you are, so instead of asking just for your password and
> presenting the "user" field already filled out, you would need to specify
> your user name at whatever.com's login screen as well.

Not necessarily. The identity server can have a cookie, shared only
with itself, that identifies who you are. So the sequence would be:

GET relying-party -> HTML form
POST relying party identity=whatever.com -> Redirect to whatever.com
GET whatever.com cookie=myid -> Redirect to whatever.com/myid
GET whatever.com/myid -> Redirect to relying party with signed URL (if active session, otherwise ask for password first)


P.S. No hunting party ;-) as long as everybody understands that this is about something other than YADIS 1.0.




Johannes Ernst
NetMesh Inc.

http://netmesh.info/jernst
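The four-step sequence in the reply above, modelled as an added Python example (not code from the post or from NetMesh). It shows the two points that matter for the security of directed identity: the session cookie is only ever presented to whatever.com, never to the relying party, and the relying party accepts an identity only after checking the signature on the URL it is redirected back to. The shared HMAC secret, the host names and the cookie value are constructed placeholders.

```python
import hmac
import hashlib
from urllib.parse import urlencode, parse_qs, urlparse

# Constructed values for the demonstration; the secret stands in for whatever
# the relying party and identity server agreed on out of band.
SHARED_SECRET = b"constructed-demo-secret"
RELYING_PARTY = "https://rp.example/return"
# The identity server's own session store: cookie value -> local user name.
# This cookie is scoped to whatever.com and is never seen by the relying party.
IDP_SESSIONS = {"cookie-abc": "myid"}


def relying_party_post(identity_host):
    """Step 2: the user typed only 'whatever.com'; redirect them there."""
    return "302", f"https://{identity_host}/?return_to={RELYING_PARTY}"


def identity_server_get(path, cookie):
    """Steps 3 and 4 as handled by whatever.com."""
    if path == "/":
        user = IDP_SESSIONS.get(cookie)
        if user is None:
            return "200", "login form (no active session: ask for user name and password first)"
        return "302", f"https://whatever.com/{user}"
    # Step 4: the identity URL is now known; send a signed assertion to the RP.
    params = {"identity": f"https://whatever.com{path}", "return_to": RELYING_PARTY}
    params["sig"] = hmac.new(SHARED_SECRET, urlencode(params).encode(), hashlib.sha256).hexdigest()
    return "302", f"{RELYING_PARTY}?{urlencode(params)}"


def relying_party_verify(url):
    """Step 5: the RP trusts the asserted identity only if the signature checks out."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    sig = q.pop("sig", "")
    expected = hmac.new(SHARED_SECRET, urlencode(q).encode(), hashlib.sha256).hexdigest()
    return q.get("identity") if hmac.compare_digest(sig, expected) else None


def run_flow(cookie):
    """Drive the whole exchange for one browser; returns the verified identity or None."""
    status, location = relying_party_post("whatever.com")
    status, location = identity_server_get("/", cookie)
    if status != "302":
        return None  # no active session at whatever.com: password prompt comes first
    status, location = identity_server_get(urlparse(location).path, cookie)
    return relying_party_verify(location)
```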