I just wish they'd pushed forward some of the discovery technologies (XRD/XRDS-Simple) that we've been working on!
That said, I think that we still need a way to really do P2P-style, disintermediated connections that don't rely on a centralized proxy. It's one thing if you want to bootstrap with such a service — that's fine! — but I think it should be one option among many.
Here're a few that I like:
don't have a browser. Consider if Netflix supported OpenID and you
wanted to access your account on your Blu-Ray player where you have no
In that case, you'd need to have a solution "beyond the browser".
Surely you could use OAuth generally, but the idea is identifying
yourself and providing proof of who you are through some out of band
An easier way to think about this is that OAuth is about what you can do, whereas OpenID is about who you are.
If you had to sign in to Facebook EVERY TIME you went to a third party, that'd be a serious buzz kill. (Hence the long-lasting sessions).
Now, that said, it seems like the optimal user experience is a two-step process:
1. log the user out of the local site
2. pop a lightbox that says "we've logged you out of this site; would you also like to sign out of [Identity Provider]?"
If it were baked into the protocol (say, OpenID 2.1??) this would be a pretty great user experience. This is what Facebook's UI currently looks like, FYI:
When I'm at home (SF), my session rarely, if ever, expires. Clearly something intentional was going on there. Kind of a nice feature for travelers who use internet kiosks, etc.