OpenID browser integration with auto-login through whitelists
15. Dezember 2007, 19:17 Uhr von FabianThinking about whether OpenID is capable of true single-sign-on I came to the conclusion that it’s probably not designed for this, but that browser integration could provide an almost similar experience if there was a standard for this. So here’s my question.
(Note that I know of Verisign’s Seatbelt and Sxipper. But both do not offer what I request here, AFAIK.)
Dear lazyweb,
is there a project or standard proposition that aims to (or even an implementation that already does) enable OpenID browser integration in the following way?
- let the user create a whitelist à la “always use xyz.myopenid.com for foobarsite.com”
- let the browser use this whitelist to send a standardized cookie or HTTP-header to the relying party site on each request (or only when no standardized and valid session cookie exists)
- on receiving such an request, the RP should automagically start the authentication process — and finish it transparently for me if I’m logged into my OpenID provider
This would be a huge step forward, I think.
Fabian Neumann
What we need is a standard API for OpenID consumers.
The API should allow a client to query if the user is authenticated, the identifier that the user is logged in with, and then allow them to log in and out using that endpoint.
Consumers would advertise this using YADIS and/or an openid.consumer link relation.