> As far as I know, it's not been decided and I don't know where the > conversation is, but this sounds more like a short-term hack... it's > similar to what MyOpenID demands now if you activate Safe Sign-on.
C'mon now! You callin' us short-term?! :-) Seriously though, it isn't the ideal situation. > I think the better approach is to think about a chrome-level interface > that takes some inspiration from CardSpace and uses the card metaphor > where users choose from a visual list of identities (served by one or > more iDPs) that they want to represent them at a given site. I really like this idea. I think what we're in need of is someone to hack it up into an extension. A couple of features that come to mind: * Ability to support multiple identity providers * Open source * Anti-phishing and (possibly) reporting tools ... For example, "this site just tried to phish you, click here to report this" * Something to give a clear indication of your current provider status (logged in, out, etc) Is anybody out there interested in working on this? I'd love to get a dialog going on the wiki about possible features, screen shots, etc and then start development on something like this. I think if we can get something working Mozilla is more likely to want to integrate _that_ then to have to figure out how to do it themselves. > Bookmarklets are easy for those of us who understand that clicking > something in our bookmark bar can do more than just open links; I'm > not sure it's reached widespread understanding that this basic piece > of interface can be used to launch scripts and the like... Agreed. - Scott _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
