

27 messages in net.openid.general: [OpenID] An OpenID "mobile" Hint?

| From | Sent On | Attachments |
|---|---|---|
| David Recordon | Jun 4, 2008 2:08 pm | |
| Hans Granqvist | Jun 4, 2008 2:34 pm | |
| David Recordon | Jun 4, 2008 4:50 pm | |
| Johannes Ernst | Jun 4, 2008 9:49 pm | |
| Nat Sakimura | Jun 4, 2008 11:51 pm | |
| Martin Atkins | Jun 5, 2008 12:02 am | |
| Kick Willemse | Jun 5, 2008 3:49 am | |
| Steven Livingstone-Perez | Jun 5, 2008 4:06 am | |
| SitG Admin | Jun 5, 2008 8:31 am | |
| Johannes Ernst | Jun 5, 2008 9:15 am | .gif, .gif |
| David Recordon | Jun 5, 2008 9:50 am | |
| David Recordon | Jun 5, 2008 9:51 am | |
| Martin Atkins | Jun 5, 2008 10:35 am | |
| SitG Admin | Jun 5, 2008 12:42 pm | |
| Martin Atkins | Jun 5, 2008 1:34 pm | |
| SitG Admin | Jun 5, 2008 3:58 pm | |
| Nat Sakimura | Jun 5, 2008 6:59 pm | |
| Nat Sakimura | Jun 5, 2008 7:06 pm | |
| Nat Sakimura | Jun 5, 2008 8:36 pm | |
| Martin Atkins | Jun 6, 2008 12:06 am | |
| Johannes Ernst | Jun 6, 2008 3:08 pm | |
| Warren Jamison | Jun 6, 2008 6:05 pm | |
| Carsten Pötter | Jun 6, 2008 8:47 pm | |
| Brandon Ramirez | Jun 7, 2008 10:28 am | |
| Brandon Ramirez | Jun 7, 2008 10:33 am | |
| SitG Admin | Jun 7, 2008 9:22 pm | |
| Tan, William | Jun 16, 2008 10:57 am | |

| Subject: | [OpenID] An OpenID "mobile" Hint? | |
|---|---|---|
| From: | Steven Livingstone-Perez (webl...@hotmail.com) | |
| Date: | Jun 5, 2008 4:06:48 am | |
| List: | net.openid.general | |
Per (1) - I would have thought an OP could use the browser variables to determine the device type and silently direct to a mobile GUI - rather than a separate id. I had a mobile interface a while back but when I went to v2 I dropped it. Wasn't too much effort.
Are there any good OpenID mobile interfaces around?
Steven http://weblivz.openid.org
-----Original Message-----
From: general-bounces at openid.net [mailto:gene...@openid.net] On Behalf Of Kick Willemse
Sent: 05 June 2008 11:50
To: 'david at sixapart.com'; openid-general List
Subject: Re: [OpenID] An OpenID "mobile" Hint?

Talking mobile and OpenID, I have a need to make a distinction between the different scenarios/dimensions. I see the following:
1. I log on to a website using my iPhone and when I am redirected to the OP I get a bad GUI experience. I think OPs need to fix this. Maybe by providing a separate "mobile" OpenID. In the end this will evolve.
Additionally there is the problem of the OP that provides stronger mechanisms like YubiKey that can't connect to the iPhone.
2. If I browse online using the iPhone and don't have a "slot" for any additional key, wouldn't it be great to use the mobile device as an additional authentication token? You could argue about the security because now the out-of-band factor is gone (both browsing and authentication within one device). Nevertheless there are several technologies around to provide this (mobile OTP, SIM PKI, device fingerprint...). In the end it could result in storing your biometric credentials on the mobile device (fingerprint or voice...).
3. I log on to the RP with my laptop and have an out-of-band authentication going to the OP using my iPhone... We need to think about how the RP "redirects" from his site to the OP and the end user. Why not introduce an OpenID server on my mobile device? In this way the RP can directly redirect to my phone OpenID server.
The OpenID server/applet is available on my mobile phone SIM/flash card. So every user "owns" its "dummy proof" OpenID server. Manages its data decentralized on his mobile device, with no need for difficult installations.
In an ideal world I would say:
I have my own portable OpenID server on my mobile. The RP just redirects to my mobile device (no matter if it is on my laptop or directly on my iPhone). I can use it to authenticate and in the end I just include my biometric credential, introducing the three-factor authentication...
...mmm maybe I should have some patent on this, well I am a European and at least it is public now. :-)
If you have it, tell me where to buy it...
Kick
----------------------------------------------------------------------------
Kick Willemse Product Manager e-mail: k.willemse at diginotar.nl weblog: http://www.papierloos.nl
DigiNotar B.V. Vondellaan 8 1942LJ Beverwijk telephone: 0251-268888

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of David Recordon
Sent: Thursday, 5 June 2008 1:50
To: openid-general List
Subject: Re: [OpenID] An OpenID "mobile" Hint?

I think authentication mechanism would actually be in the minority of the decisions for this sort of flow; I was using the YubiKey OpenID Provider as a very clear example of what won't work on a mobile phone.
Today I'm more interested in how we can increase the number of OpenID Providers that have good mobile experiences and am thinking that this sort of extension may be a tactic in achieving that goal. Even just pitting two OpenID Providers which both use passwords against each other with one having a mobile experience and the other not would be a good thing in solving this problem.
--David
On Jun 4, 2008, at 2:34 PM, Hans Granqvist wrote:
It makes sense (though the YubiKey is a mechanism, not a provider), but it's a bit dangerous since security decisions on the RP based on the User-Agent's self-issued origin/type are quite tricky.
An attacker would pick the easiest mechanism if there is a choice, too.
Regardless, the XRDS file could map accepted authentication mechanism(s) to each URL as a simple attribute.
Hans
On Wed, Jun 4, 2008 at 2:08 PM, David Recordon <drecordon at sixapart.com> wrote:
In developing a mobile application that uses OpenID for logins, one of the things I've become really cognizant of is how poor of a mobile experience most Providers have when it comes to OpenID. It obviously doesn't take a lot to create a streamlined Provider flow for authentication and the trust request, but so far it seems that no one has really done that. I was also thinking more about Providers such as YubiKey where authenticating with a USB device (despite how awesome it is) won't work on my iPhone.
I'm wondering if it would be useful to write a dead simple extension to provide some hints around mobile support? Allow a Provider to advertise in an XRDS file that they support a mobile login flow so that Relying Parties could discover that, theoretically making it so that I could use a Provider such as YubiKey on the desktop and then MyOpenID on the phone.
Am I barking up a useful tree? If I spec'd this would any Providers actually implement a mobile friendly flow?
--David
_______________________________________________ general mailing list general at openid.net http://openid.net/mailman/listinfo/general
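
Added example, not written by any poster in this thread: a Relying Party-side sketch in Python of the XRDS hint idea discussed above, combined with Hans Granqvist's caution about trusting the User-Agent. The mobile-hint type URI, the endpoints and the sample XRDS are hypothetical or constructed, and the PAPE multi-factor policy Type stands in for the per-endpoint authentication-mechanism attribute he mentions.

```python
import xml.etree.ElementTree as ET

XRD = "{xri://$xrd*($v*2.0)}"
OPENID2_SERVER = "http://specs.openid.net/auth/2.0/server"
# PAPE policy URI, advertised here as a Service Type.
PAPE_MULTI_FACTOR = "http://schemas.openid.net/pape/policies/2007/06/multi-factor"
# Hypothetical type URI: the thread never defines one for the mobile hint.
MOBILE_HINT = "http://example.com/openid/ext/mobile-hint/1.0"

# Constructed sample XRDS; both endpoints are placeholders.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://schemas.openid.net/pape/policies/2007/06/multi-factor</Type>
      <URI>https://token-op.example/server</URI>
    </Service>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://example.com/openid/ext/mobile-hint/1.0</Type>
      <URI>https://password-op.example/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def parse_services(xrds_text):
    """Return [(priority, set_of_types, uri)] for OpenID 2.0 OP endpoints."""
    services = []
    for svc in ET.fromstring(xrds_text).iter(XRD + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        uri = svc.findtext(XRD + "URI")
        if OPENID2_SERVER in types and uri:
            # A Service without a priority attribute sorts last.
            prio = int(svc.get("priority", "1000000"))
            services.append((prio, types, uri.strip()))
    return services

def choose_endpoint(xrds_text, ua_claims_mobile, required_policies=frozenset()):
    """Filter by the RP's own policy first; use the mobile hint only to order."""
    eligible = [s for s in parse_services(xrds_text)
                if set(required_policies) <= s[1]]
    if not eligible:
        return None
    # The User-Agent is self-reported, so it may reorder eligible endpoints
    # but can never admit one that fails the RP's required policy.
    def rank(s):
        mobile_miss = ua_claims_mobile and MOBILE_HINT not in s[1]
        return (mobile_miss, s[0])
    return min(eligible, key=rank)[2]
```

With no required policy, a client claiming to be mobile is steered to the hinted endpoint; once the RP requires multi-factor, the same claim has no effect on which endpoint is chosen.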







