1

Is there a way to perform identification with OpenID, not just authentication?

With OpenID i give an OpenID-enabled web-site my identifier, e.g.:

[image]

And then the relying party asks the OpenID provider if i do, in fact, own the identifier "ianboyd.stackoverflow.com".

But this isn't what i want. i want what Google and Facebook do; which violates the OpenID standard.

A "Google OpenID" enabled site transfers to google. From there i perform a login (identification and authentication), and an identification is returned to the relying party.

That's what i want. But i want to use OpenID, so i don't have to ask every site on the internet to support my custom security implementation. In other words:

Is there a way to perform identification with OpenID, not just authentication?


The reason i want this is that my OpenID provider uses Windows Cardspace for identification and authentication. The provider will pop up Windows Cardspace on a secure desktop:

[image]

From there i can choose an existing identity, or choose to create a new one. The identity has a unique, private, identification number, that can be returned to the relying party.

But without a way to return an identity, then i cannot use OpenID for identification.

Ian Boyd
  • I am confused. OpenID authenticates *identities*, and identities are represented as OpenID URLs. What does Google do that other OpenID idPs *don't* do? – timdream Nov 27 '10 at 18:27
  • Google's OpenID url is not my unique identity (`https://www.google.com/accounts/o8/id`) which i then prove that i own. In canonical OpenID, i present a string that identifies me (e.g. `ianboyd.myopenid.net`), which i then prove i own. – Ian Boyd Nov 30 '10 at 17:11

1 Answer

0

Most client implementations do just that. I used a Python implementation for OpenID and it offered me two ways to authenticate; one of them was redirection, where you actually log in on the OpenID site before getting re-directed back to the original site.

Also, you use the OpenID URL to associate account/user data with it.

Take a look at how StackOverflow does it. ;)

Also read this: http://en.wikipedia.org/wiki/OpenID

BastiBen
  • **My** OpenID url (`https://www.google.com/accounts/o8/id`) is an id that is shared with a lot of people. What i cannot find in OpenID is the mechanism where my **identity** can be returned to the caller. – Ian Boyd Nov 30 '10 at 17:13
  • What do you understand by the term *identity*? – BastiBen Nov 30 '10 at 18:20
  • And my OpenID url is `http://timothy.green.name` which merely has a few meta tags. – TRiG Dec 02 '10 at 19:43
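
The redirect flow discussed in this thread, in the OpenID 2.0 form where the provider rather than the user supplies the identifier (`identifier_select`), as an added example that is not part of the original posts. The endpoint URLs, the association handle and MAC key, and the `op_assertion` stand-in for the provider are constructed assumptions; association setup is taken as already done.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, urlencode

NS = "http://specs.openid.net/auth/2.0"
ID_SELECT = NS + "/identifier_select"  # "let the OP pick the identifier"
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

def build_request(op_endpoint, return_to, realm, handle):
    """RP side: redirect URL that carries no user-typed identifier."""
    p = {"openid.ns": NS, "openid.mode": "checkid_setup",
         "openid.claimed_id": ID_SELECT, "openid.identity": ID_SELECT,
         "openid.return_to": return_to, "openid.realm": realm,
         "openid.assoc_handle": handle}
    return op_endpoint + "?" + urlencode(p)

def sign(f, mac_key):
    """HMAC-SHA256 over the key-value form of the fields listed in openid.signed."""
    kv = "".join(f"{k}:{f.get('openid.' + k, '')}\n" for k in f["openid.signed"].split(","))
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()

def op_assertion(chosen_id, op_endpoint, return_to, handle, mac_key, nonce):
    """Constructed stand-in for the OP: positive assertion naming the identifier it chose."""
    f = {"openid.ns": NS, "openid.mode": "id_res", "openid.op_endpoint": op_endpoint,
         "openid.claimed_id": chosen_id, "openid.identity": chosen_id,
         "openid.return_to": return_to, "openid.response_nonce": nonce,
         "openid.assoc_handle": handle, "openid.signed": ",".join(sorted(REQUIRED_SIGNED))}
    f["openid.sig"] = sign(f, mac_key)
    return urlencode(f)

def claimed_id_from_assertion(query, op_endpoint, return_to, mac_key, seen_nonces):
    """RP side: return the OP-chosen identifier, or raise ValueError."""
    f = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    if f.get("openid.ns") != NS or f.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    if not REQUIRED_SIGNED <= set(f.get("openid.signed", "").split(",")):
        raise ValueError("required fields are not covered by the signature")
    if not hmac.compare_digest(sign(f, mac_key).encode(), f.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    if f["openid.op_endpoint"] != op_endpoint or f["openid.return_to"] != return_to:
        raise ValueError("endpoint or return_to mismatch")
    if f["openid.response_nonce"] in seen_nonces:
        raise ValueError("replayed nonce")
    seen_nonces.add(f["openid.response_nonce"])
    if f["openid.claimed_id"] == ID_SELECT:
        raise ValueError("OP did not choose an identifier")
    # Not shown: nonce timestamp window, and discovery on claimed_id to confirm
    # that this OP endpoint is authoritative for the identifier it asserted.
    return f["openid.claimed_id"]
```

The value returned by `claimed_id_from_assertion` is the per-user identifier the relying party would store, and it should only be trusted after the discovery step noted in the final comment.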