log inhelp

  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

Eric Sach's Summary of 2010 Summit West Day One

Page history last edited by Chris Messina 14 years ago

Most frequent issues in order of frequency

  1. Simpler protocol for simpler use-cases
  2. IDP whitelist/certification
  3. Non-browser apps
  4. Email as identifier
  5. Additional attributes (Billing/Address/sex/gender/location/basic-reputation)
  6. Improve Nascar UI with central discovery mechanism
  7. Best practices for sign-out, and quick switch between identities

There appeared to be presenters on 1, 2, 4, and 7 for Tuesday.

  1. Simpler protocol for simpler use-cases

    • Use Case 1: Single IDP (internal, Facebook, Twitter, LinkedIn, PayPal, etc.)
    • Use Case 2: Nascar UI for whitelist of IDPs
    • Use Case 3: Nascar UI for whitelist of IDPs with Email as identifier

  2. Requests:

    • must do oauth+openid
    • simpler libraries for those use-cases
    • libraries with RPX like functionality
    • smaller libraries
    • libraries that can be linked to a continuous build
    • avoid realm complications for simpler use-cases
    • leverage manual key registration for simpler use-cases
    • simpler use-case should be sufficient for Twitter & FB to use so there is a single protocol

  3. IDP whitelist/certification

    • libraries should have hardcoded discovery information for big IDPs
    • best practices for liability
    • certification of IDPs for:
      • uptime
      • what email they can provide
      • consistency in functionality
      • consistency in UI

  4. Non-browser apps

    • Best practices for doing OAuth on different platforms

  5. Email as identifier

    • For IDP discovery from Email, should RPs use a whitelist or webfinger?
    • How does RP know which IDP can assert addresses in a particular domain, i.e. a Google Account for an @yahoo.com address with a weak password should not be usable to login to an RP who directly supports Yahoo as an IDP
    • Best practices to use OpenID for email validation

  6. Additional attributes (Billing/Address/CC#/sex/gender/location/basic-reputation)

    Best practices, especially for reputation data?

  7. Improve Nascar UI with central discovery mechanism

    • Meebo presentation
    • Older PDS/CDS proposals

  8. Best practices for sign-out, and quick switch between identities

    • Is sign-out an OS problem or browser problem?
    • How should browsers and installed-apps deal with a single human two 2+ identities they want to use simultaneously (work + personal)

Comments (0)

You don't have permission to comment on this page.

Printable version