Interesting Combination of OpenID and Information Cards

From Mike Jones there is this post about a Sxip proposal to combine OpenID with Information Cards. I have only given it a cursory glance so far, so I am not sure what I think yet. It does seem compelling because using Information Cards overcomes some of the issues around OpenID while still preserving the ability to do trust based on URL ownership.

What’s really interesting about this is that it doesn’t use SAML 1.1 tokens. It uses a OpenID Specific token in the RSTR. I gave it a quick try and it worked smoothly using the following token in the RSTR:

<openid:OpenIDToken xmlns:openid=”http://specs.openid.net/auth/2.0″>openid.ns:http://specs.openid.net/auth/2.0
openid.op_endpoint:https://openidcards.sxip.com/op/
openid.claimed_id:https://openidcards.sxip.com/i/jbohren
openid.response_nonce:2007-08-27T12:13:31Z0
openid.mode:id_res
openid.identity:https://openidcards.sxip.com/i/jbohren
openid.return_to:https://openidcards.sxip.com/demorp/
openid.assoc_handle:e88bb8e5c4577c85
openid.signed:op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.sig:S4TcYfUDeUOIiCg0idtmJYijKGQ=
openid.ns.ext1:http://openid.net/srv/ax/1.0-draft4
openid.ext1.mode:fetch_response
</openid:OpenIDToken>
I will have to dig into this some more. It does look very interesting.

(Mirrored from TalkBMC)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s