Re: "Logged in with fedsocweb" from Markus Sabadello on 2012-07-08 (public-fedsocweb@w3.org from July 2012)

From: Markus Sabadello <markus.sabadello@gmail.com>
Date: Sun, 8 Jul 2012 16:53:58 +0200
To: Michiel de Jong <michiel@unhosted.org>
Cc: public-fedsocweb@w3.org
Message-ID: <CAJF45PQxnws=AViA6h-1urzpOr8ui_d7m5yzHeL320hvDW+Ugg@mail.gmail.com>

Hmm thinking about "Facebook Connect" and "OpenID Connect"..

How about..
"Log in with Freedom Connect"
Hmm that's a bit cheesy.
or
"Log in with Web Connect"
Hmm
or
"Log in with Indie ID"
Hmm
or just
"Log in with OpenID Connect"

Maybe your indie-web-node-in-a-box should also be your own personal OpenID
Connect IdP. Then you wouldn't even need to issue a separate access token
for accessing the friends list endpoint I think, you'd just use OpenID
Connect for that.

When you go to a web app and let it access your remoteStorage, you're not
actually "logging in" to that web app, technical speaking, right? Because
it's "just" an OAuth flow, not an OpenID Connect flow.

So why not add OpenID Connect to your 6 points? (As a sub-point of point 1
maybe?)

Markus

On Sun, Jul 8, 2012 at 1:14 PM, Michiel de Jong <michiel@unhosted.org>wrote:

> I was just using AirBnb while logged in with facebook. this works
> great, because you don't have to create an AirBnb account, yet by
> checking someone's list of facebook friends as displayed inside
> AirBnb, you can check whether you are dealing with a scammer or a
> psycho or a normal person.
>
> A similar experience is when using Lanyrd while logged in via Twitter,
> there you have the added cool feature of seeing what conferences
> people "close to you" will be going to, and if you follow a high rate
> of the speakers and/or attendants of a certain conference or workshop,
> chances are you might at least want to know about it.
>
> I guess it's obvious where i'm going with this...
>
> how can we generalize this model to fedsocweb? Of course, there's
> advanced features like automatically registering a bunch of
> intent-handler (share, add to calendar, send as private message) for
> your home-node, In both cases a huge value is already obtained by just
> OAuth-ing to pull in the friends list.
>
> the work on OAuth discovery is still very much in progress, but i
> think this is an interesting opportunity. in your webfinger profile,
> you can expose three small pieces of information:
>
> - the end point to obtain the friends-list (this can be either
> cross-origin or server-to-server)
> - the end point to obtain an access token for said friends-list.
> - (unless we pick 1 canonical one)  which format the friends-list is in
>
> Would this be cool?
>
>
> Cheers,
> Michiel
>
>

Received on Sunday, 8 July 2012 14:54:26 UTC