- t: contrast easy Twitter/PuSH/#OAuth APIs + examples with huge/complex #OpenID PHP libraries (cc: @chrismessina) - over a dozen classes with dozens of methods total in http://janrain.com/openid-enabled/ that's the 1.x libs (nevermind 2.x) and samples just for consuming OpenIDs. I have a lot more sympathy now for those who give up on or deprioritize OpenID support. The barrier to entry for OpenID support is far too high for independent developers.
- t: modest proposal for "good enough" authentication via your own URL: OAuth + Twitter (AKA TwitterAuth) + rel-me bidirectional identity consolidation. works for all users who enter their site in their Twitter "More Info URL" setting, and put a rel="me" hyperlink from their site to their Twitter - easier than having to write/maintain two invisible link rel="openid.*" tags to their OpenID server/delegate URLs (and having to learn what those mean/are).
- aaronpk: @t I spent hours poring over OAuth/OpenID docs this weekend, I sympathize. But is tying to a specific vendor (Twitter) safe/possible?
- ptarjan: @t @progrium make a new endpoint: take a url as an input, crawl the rel-me graph, check for oauth, do the auth, return as an openid endpoint
- progrium: @ptarjan Pretty genius if only it made sense in your tweet. @t idea is OpenID wrapper for RelMeAuth
- t: that's right @progrium, RelMeAuth (nice suggestion) works for any #OAuth + rel-me site, and enables auto-fallback with use of alternate identities for authentication: 1 user enters their site URL; 2 iterate through their outbound rel-me links; 3 if a rel-me destination is up, and rel-me links back to user's site, and has OAuth endpoint, then do OAuth authentication. Thus user links to their RelMeAuth profiles in preference order, and authentication code tries them in order. e.g. Twitter, Identi.ca, ... etc. No more OpenID server/delegate single point of failure, nor need to learn yet another XML format.
- aaronpk: @t That process sounds like it would place a huge burden on the site trying to authenticate the user. It's already hard enough to get plain OpenID to work. Can you clarify the benefits to the user?
- ptarjan: @t @progrium I like RelMeAuth. How about a prototype at another location: http://relmeauth.appspot.com/http://paulisageek.com crawl then 302
- ptarjan: @aaronpk @t Wouldn't we just be another openid provider? Albeit one that uses rel-me and OAuth, but that should be transparent to the client