OpenID

WishList

Contents

OpenIDServers we'd like to see

  • Blogs: Blogger, Drupal, Serendipity (S9Y), fotolog.com
    • Wordpress: Plugin Available. Small bugs which I fixed (trailing / caused issues). Also implements OpenIDConsumer
  • Wikis: Wikipedia, WardsWiki
  • Photosharing: Flickr, Pbase
  • Jabber - really nice, but would require some web gateway (Here is one: announcement running server )
  • PIM & webmail: Horde/IMP
  • Facebook.com - usernames are e-mail addresses
  • deviantART

OpenIDConsumers we'd like to see

Feature requests?

  • OpenID performing as an OpenID consumer to provide updated personal information to other verifiable OpenID users. Provides an open, up to date and distributed pim system.
    • Link a persona to an OpenID as the trust root. Only return the requested information if the trust root is verified.
    • Won't have to sign in to a separate consumer to update personal information and rely on them to store and distribute it.
  • Standard yet expandable user profile
    • Blog URL
    • Photo, Avatar, etc images
    • All those other things we hate having to type in every time we join a new forum or blog service.
  • Message signing, possibly as outlined here. Offering authentication might make OpenID more compelling to the masses.
  • Server accounts using @ sign allowing someone to type in user@server.com and validate at that username through said server rather than at a URL (Note: not related to email, but could be)
  • In LJ one user have three different URLs: username.livejournal.com, www.livejournal.com/~username, www.livejournal.com/users/username. From the OpenID consumer, there are three different users (actually, in OpenID user = URL). May be, `openid.identity` in `id_res` must be a “canonical�� user's URL?
    • Would this result in the user providing the consumer with the URL www.livejournal.com/~username and then eventually being logged in with the contents of the openid.identity field, such as username.livejournal.com? If so then wouldn't problems arise if username.livejournal.com used a different delegate? That wouldn't be the case with this exact example but if the URLs were hosted on different servers (which, I think should be allowed), then the consumer would need to use the server and delegate information from username.livejournal.com rather than the URL that was originally provided. So rather than informing the consumer of this URL change in the id_res, it may be better to make it the responsibility of the consumer to follow an additional link HTML element with a rel tag of openid.redirect. I am assuming that Step 3 of the spec means that the consumer must follow HTTP redirects. This additional HTML link would allow user browsers to view the page while OpenID consumers are redirected.
    • In LJ the '-' (dash) and '_' (underscore) symbols are both valid, but underscores are converted to dashes when visiting *.livejournal.com; this may need to be taken into account when the Consumer first accepts openid_identifier.
  • Simple, computer illiterate-friendly documentation, diagrams and examples of what OpenID is and does, how it works, and why it's needed/useful. OpenID.net is informative, but even in the "big picture" descriptions, there are language-complexity/lingo hurdles. (Example: The answer to "What about trust?" does not answer many people's questions.)
  • Expand OpenID article on Wikipedia to explain the concept -- note also versions in Italian and in Russian. Other translations welcome!
  • Comments from Anonymous ;) [http://livejournal.com/~grfgguvf/319.html

Link]:

    • About ids with user name and @ - i guess it can be tied with other auth systems. perhaps LDAP, drupal or jabber? :-) If make full id string like a full url with optioal protocol specifier and username specifier.
    • BTW, casting LJ's paths to blog to something like atom2://MyUserName@livejournal.com could solve "In LJ one user have three different URLs:"
    • And i guess specs are to include some way to organize a "Web ring" IN real life i might already have a lot of accounts on many servers already - and since OpenID does not insist that forum2 trusts forum1 will check my password (sxip model, in other words i cannot login to existing account at forum1 using OpenID from forum2) - they will give me different OpenID's. Guess each id-server is to provide by request a list of extra id's. Then client can peek through each server step by step and collect all ID's if wanting too.
  • OpenID Consumer feature: keep track of the URI that the user originally submitted as their ID, separately from the Delegated ID that they login to their server with. Not just to let users authenticate as myblog.com (where the OpenID headers of myblog.com say "I want to log in at mymainserver.com with delegation to myblog.mymainserver.com"), but because the phpMyID Provider requires that the delegation ID be the same as the server ID.
  • OpenID Actions (Pingback/trackback) - I would love to see my the ability for openID enabled applications to send information back to the provider. eg: If I post a new thread on a phpbb forum.. Post on my blog.. comment on a blog..
    • This would cause an active history/timeline of my activities. This functionality would allow for interesting options in dataportability.

Miscellaneous

  • Wikipedia is looking for a transparent PNG or SVG version of the OpenID logo (with alpha channel transparency) for the article there -- see http://en.wikipedia.org/wiki/Image:OpenID_logo.png
  • Would be nice with stickers/mugs to be available from cafépress or similar shop. I'd fill our entire office until my colleagues give in and make our site openid compliant.
  • Movable Type comes with an OpenID server (which hasn't been updated in a while), but it's documentation is less than minimal. Better documentation on how to control / customize various aspects of the OpenID server there are in order.

developer tools

  • test servers (to test consumers under development ) that are configurable (e.g. cause them to fail at certain stages or fallback to the auth spec 1.1) and report what's going on in the protocol at various stages for debugging
  • test consumers (to test servers under development, and for comparing with other consumers in development) that are configurable (e.g. cause them to fail at certain stages or fallback to the auth spec 1.1) and report what's going on in the protocol at various stages for debugging

yes these are both developer-related but I can't find a place to post them. Jason 13:36, 31 January 2008 (PST)

LiveJournal-specific

This doesn't really belong here, but since LiveJournal's users have been linked here and have been adding stuff already they might as well stay for now.

  • Some sort of usericon support would be nice. Maybe consumers could ask the server for a
    • This is already possible via FOAF integration, but I don't understand exactly how it works.
    • This is available now on the LiveJournal server-side, when leaving comments on a LiveJournal ** After digging around quite a bit on the subject, I couldn't make a userpic appear with my comments made as an OpenID user on a LJ. Using the foaf:logo property in a FOAF file like you would expect, assigning this FOAF url into LJ where you would expect and leaving a comment produces no userpic. I suspect a study of the current LJ source is in order if we want to see this documented, if it does actually work at all.
    • One word. Favicons. Use whatever is in the favicon.ico in the identity's webspace.
    • Just go to "profile" -> "Manage" -> "Userpics" /editpics.bml
  • Email notification of comments via LiveJournal or elsewhere. Perhaps the email address can be specified in the link tags of the OpenID user's site, or by editing the OpenID user's LJ info page (only possible now by visiting http://www.livejournal.com/editinfo.bml)
    • E-mail notifications of comments does work now if you enter your e-mail address on the Edit Info site. Not sure how new this us, but definitely something that I was missing before.
  • The ability to have your OpenID identity on LiveJournal have an RSS Feed, so when people add you as a friend, your blog is featured in their Friends page. (RSS/Atom, what have you)
  • Something nicer than ext_0000 as a username on LiveJournal
  • The ability to post to communities, without having to register for an actual LiveJournal account.
  • Not treating OpenID comments the same as anonymous.
    • Seconded. If a person takes the time to authenticate against something, be it the built in system of Livejournal, or the expansive area that is OpenID, that person is choosing to say who they are. Treating them like people who are hiding behind something is not equal.
    • Thirded! I don't think I need to say much more, I can only agree with the fact that OpenID users aren't anonymous, they ARE providing an identity.
  • Viewing friends-only posts is inconsistent. An OpenID account can view friends-only posts in an LiveJournal users journal, but not via the calendar or on the OpenID account's friends page.
  • Update LJ to the latest Yadis spec.
Retrieved from "http://wiki.openid.net/WishList"