Re: New 'Login' Intent? from Eiji Kitamura on 2012-05-07 (public-web-intents@w3.org from May 2012)

From: Eiji Kitamura <agektmr@google.com>
Date: Mon, 7 May 2012 11:36:45 +0900
To: Charles Pritchard <chuck@jumis.com>
Cc: Doug Schepers <schepers@w3.org>, public-web-intents@w3.org, Harry Halpin <hhalpin@w3.org>, nov matake <matake@gmail.com>
Message-ID: <CAOW=x-BXxq02fJLXz6-1nYLJ84KaT2WYdEWifRn-tCrBahT+Kg@mail.gmail.com>

There's a guy (cc'ed) who implemented OpenID Connect over WebIntent.
http://t.oauth.jp/post/20756025471/when-you-access-to-an-openid-relying-party-rp

Just FYI.

On Mon, May 7, 2012 at 11:09 AM, Charles Pritchard <chuck@jumis.com> wrote:

> On 5/6/2012 2:53 PM, Doug Schepers wrote:
>
>> I propose that we have another intent, 'Login' (I don't care about the
>> name... it could be 'SignOn', 'SignIn', 'SelectIdentity', or whatever).
>> This would let users select from their choice of Identity Providers (IDPs),
>> or to create or use a bespoke account for that specific site.
>>
>> A corollary to this would be 'Comment' or 'Discuss', which is often
>> hosted by third-party services like Disqus.
>>
>
> How do we verify the authenticity of the ID?
> event={ data: { user: 'arbitrary' }, origin: 'example.com' };
>
> Intent doesn't have a mechanism for checking that the origin is
> example.com.
>
>
>
>
>
>
>
>


-- 
Eiji Kitamura | Developer Advocate | agektmr@google.com | +81-80-1150-6480

Received on Monday, 7 May 2012 12:29:51 UTC