![[OpenID enabled]](http://lid.netmesh.org/images/openid-relying-party-anonymous.gif)
![[XRI enabled]](http://lid.netmesh.org/images/inames.gif)
![[LID enabled]](http://lid.netmesh.org/images/lid-relying-party-anonymous.gif)
Talk:User Scenarios
From Yadis
The mailing list has been down for two days, and I'm not sure this warrants a formal proposal, so I'll post here and hope someone sees it.
I would like to see considered the possibility of having the URL declared by the user's browser, rather than entered into a text field in a form.
For example, in mIDm I encode the URL in the browser header, by appending it to the user Agent information. see here
This might not be the best way to do it, I fully realize. It was the best way I could think of. But it seems to me that there should be some consensus on the question of, if the browser header (or some other property) is used, then where and in what format is the URL located.
In the senario page, it would look something like: "A reader reads a blog post and decides to comment. She clicks on the comment button. The authentication system works behind the scenes such that, when the content is submitted, her name and email (assuming she authorized these items to be released) are displayed on the post."
I also have a wider scenario in mind. Consider:
"A reader reads a blog post and decides to comment. She clicks on the comment button. The authentication system works behind the scenes such that the comment is automatically posted to her blog, and a notification sent to the blog, which may or may not (at its discretion) harvest and display the post."
Johannes Ernst: I think these are perfectly valid scenarios. With the Mozilla folks looking into potentially supporting identity natively in the browser, it's not unrealistic to assume that some of those, or similar to those, could become real. Do you think that any of these require any extensions to the base protocol(s) of Yadis, LID and OpenID or others? The only thing I can think of is that it might be advantageous if the browser (or any HTTP client) could tell whether an HTTP Redirect is just a redirect, or is a redirect for the purposes of authentication; this is a "marker" of some sort I'm planning to introduce into LID, but it might apply to OpenID etc. as well.
Stephen Downes: Do you think that any of these require any extensions to the base protocol(s) of Yadis, LID and OpenID or others? No. One of the things I've tried to demonstrate with mIDm is that acquisition of the URL from the header is functionally equivalent to acquiring it via forms input (though must easier for the user, who doesn't have to type it in).
Your comment on the redirect is well-taken; in the case of mIDm the redirect includes a token (I call it a 'key'), but there's no browser-based way of recognizing that.
