W3C home > Mailing lists > Public > public-web-intents@w3.org > May 2012

Re: New 'Login' Intent?

From: Doug Schepers <schepers@w3.org>
Date: Thu, 10 May 2012 00:03:46 -0400
Message-ID: <4FAB3E22.5060504@w3.org>
To: "SULLIVAN, BRYAN L" <bs3131@att.com>
CC: Magnus Olsson <magnus.olsson@ericsson.com>, "public-web-intents@w3.org" <public-web-intents@w3.org>, Harry Halpin <hhalpin@w3.org>
Hi, folks-

Actually, thinking further on it, logging in is only one of the problems 
that identifying a person solves.  I like the idea of an 
'GetCredentials' intent (or something simpler), specifically, because it 
also addresses zero-knowledge proof scenarios, or cases where you want 
to authorize (verify that the user is permitted to do what they are 
trying to do) without uniquely identifying them.

As far as the specific mechanism or protocol, I agree with Bryan that 
I'd rather that Web Intents were not a kingmaker here... any scheme that 
is able to work with the constraints should be an option, not just OAuth 
(though I admit I don't know which schemes are possible).

Regards-
-Doug

On 5/9/12 7:13 PM, SULLIVAN, BRYAN L wrote:
> I think at this point the idea is just one of the "solve the nascar
> problem" type opportunities. I don't know how it will work, but I am
> watching these threads and we will be trying out ideas as we go, and
> the demos available.
>
> I think one option is for the website to be able to reference its
> preferred intent providers, if this is possible through the same
> general idea as the intent registration markup (i.e. the preference
> is disclosed through some markup).
>
> Thanks, Bryan Sullivan
>
> -----Original Message----- From: Magnus Olsson
> [mailto:magnus.olsson@ericsson.com] Sent: Tuesday, May 08, 2012 6:59
> AM To: SULLIVAN, BRYAN L; Doug Schepers; public-web-intents@w3.org;
> Harry Halpin Subject: RE: New 'Login' Intent?
>
> But how is this related to the HTTP code 401, authorization
> required?
>
> Or is the "intention" to ask for a sort of single sign on gateway to
> carry out the actual login?  (assume the using part implies selection
> of alternative means, what intent is all about of course).
>
> Still, an application server is the one to "invite" (or bluntly
> require) a user to login in, in order to navigate further into a
> service. In that case there has to be a "preference" (accepted
> methods) from the server side that the "LoginUsing" intent can
> respond/relate to?
>
>
> Br Magnus
>
> -----Original Message----- From: SULLIVAN, BRYAN L
> [mailto:bs3131@att.com] Sent: den 7 maj 2012 18:53 To: Doug Schepers;
> public-web-intents@w3.org; Harry Halpin Subject: RE: New 'Login'
> Intent?
>
> I think this is a great idea for an Intent. We should start building
> out the wiki (http://www.w3.org/wiki/WebIntents) with such ideas
> (under "Documentation for Web Intents Actions and Types"?).
>
> I suggest the Intent name be "LoginUsing".
>
> Thanks, Bryan Sullivan
>
> -----Original Message----- From: Doug Schepers
> [mailto:schepers@w3.org] Sent: Sunday, May 06, 2012 2:54 PM To:
> public-web-intents@w3.org; Harry Halpin Subject: New 'Login' Intent?
>
> Hi, folks-
>
> Forgive me if this has been discussed before.
>
> The default intents that I know about are 'Discover', 'Share',
> 'Edit', 'View', 'Pick', 'Subscribe', and 'Save'.
>
> One of the great things about Web Intents is the ability to address
> the NASCAR Problem... and one of the worst offenders of that problem
> is the identity issue, which is made worse by the fact that it's
> still not really a solved problem, so there are likely to be more
> iterations of solutions like OpenID Connect (Google, Microsoft,
> etc.), BrowserID, Twitter, Facebook Connect, etc.
>
> I propose that we have another intent, 'Login' (I don't care about
> the name... it could be 'SignOn', 'SignIn', 'SelectIdentity', or
> whatever). This would let users select from their choice of Identity
> Providers (IDPs), or to create or use a bespoke account for that
> specific site.
>
> A corollary to this would be 'Comment' or 'Discuss', which is often
> hosted by third-party services like Disqus.
>
> Regards- -Doug Schepers W3C Developer Relations Project Coordinator,
> SVG, WebApps, Touch Events, and Audio WGs
>
Received on Thursday, 10 May 2012 04:03:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 10 May 2012 04:04:00 GMT