Thinking about whether OpenID is capable of true single-sign-on I came to the conclusion that it’s probably not designed for this, but that browser integration could provide an almost similar experience if there was a standard for this. So here’s my question.
(Note that I know of Verisign’s Seatbelt and Sxipper. But both do not offer what I request here, AFAIK.)
Dear lazyweb,
is there a project or standard proposition that aims to (or even an implementation that already does) enable OpenID browser integration in the following way?
- let the user create a whitelist à la “always use xyz.myopenid.com for foobarsite.com”
- let the browser use this whitelist to send a standardized cookie or HTTP-header to the relying party site on each request (or only when no standardized and valid session cookie exists)
- on receiving such an request, the RP should automagically start the authentication process — and finish it transparently for me if I’m logged into my OpenID provider
This would be a huge step forward, I think.
Fabian Neumann