Google as an OpenID RP
From IIW
Session: Tuesday Session 5 Space I
Conference: IIW 10 May 17-19, 2009
Convener: Ilan Caron, Eric Sachs, Yaniv Shuba
Notes-taker(s): Jacky Wang, Yaniv Shuba
Tags: Technology discussed / demo / google practice
Notes:
- Currently, Google accepts OpenID login for Blogger, Moderator, FriendConnect, App Engine, FreeMusic (in China).
- GAIA - integrate OpenID into Google account management
- Create Google account: "easy verification" - half of the Google accounts are created using Yahoo/AOL(?) email addresses, so we'd like to verify that users are who they claim to be.
- Hybrid onboarding - OAuth plugged in.
- Support multiple ID provider protocols, like OpenID, Windows Live ID, and Chinese local ID providers (Renren.com, etc.)
[Demo1: sync email validation]...
- What kind of email addresses are considered to be trusted?
Only an email address provided by the IDP for that address's own domain, e.g. abc@yahoo.com from Yahoo!, which is an IDP.
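The trust rule in the answer above, sketched as a relying-party check. This is an added example, not code from the session or from Google; the endpoint hosts, the `TRUSTED_IDP_DOMAINS` allowlist and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist (constructed for this example): IDP endpoint host
# -> email domains that IDP is authoritative for.
TRUSTED_IDP_DOMAINS = {
    "idp.yahoo.example": {"yahoo.com"},
    "idp.aol.example": {"aol.com", "aim.com"},
}

def email_domain(email):
    """Return the lowercased domain of a simple addr-spec, or None if malformed."""
    if email.count("@") != 1 or any(c.isspace() for c in email):
        return None
    local, domain = email.split("@")
    domain = domain.rstrip(".").lower()
    return domain if local and domain else None

def idp_host(op_endpoint):
    """Return the host of an https IDP endpoint, or None (plain http is rejected)."""
    try:
        parts = urlsplit(op_endpoint)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # hostname excludes userinfo, so "https://good@evil/" resolves to "evil".
    return parts.hostname.lower()

def email_is_verified(op_endpoint, asserted_email):
    """True only if the asserting IDP is authoritative for the email's domain."""
    host = idp_host(op_endpoint)
    domain = email_domain(asserted_email)
    if host is None or domain is None:
        return False
    # Exact host match only: no suffix or substring matching on the IDP host.
    return domain in TRUSTED_IDP_DOMAINS.get(host, set())

def onboarding_action(op_endpoint, asserted_email):
    """Skip the confirmation mail only for IDP-verified addresses."""
    if email_is_verified(op_endpoint, asserted_email):
        return "accept"
    return "send_verification_email"
```

An address asserted by any other IDP is not rejected outright; it falls back to the regular verification e-mail.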
[Demo2: federated login demo - share a Google doc to the Yahoo user]
- How could a user move their email, say, from Yahoo to AOL? The scenario is pretty complicated - it includes moving from a federated domain to an un-federated domain and vice versa, and from one federated domain to another. It's an ongoing effort.
- What's the checklist that an IDP needs to go through before Google trusts them?
Eric will start a new session on Wed to discuss it.
NOTES BY: Yaniv Shuba
Google’s live OpenID RP features:
- Blogger, Moderator, App Engine and China Free Music already function as an RP.
- Friend Connect - an easy way to make your site an RP.
Work in progress:
- Integrate OpenID support into Google's login page.
- Easy verification - allow e-mail address verification during account creation using OpenID, instead of the regular procedure where a verification e-mail is sent to the user.
- Hybrid onboarding - authorize Google to get your Yahoo contact information while you sign in.
- Google is compiling a list of requirements that IDPs must meet to qualify as IDPs to Google.
- The Google login page will have to change to reflect the different use-cases introduced by federated login.