My approach was to give the user the more familiar Yahoo asset scenario.

The user wants to sign in, they use their Yahoo User Name and password. That’s all.

Perhaps your way is more secure in that matter since it doesn’t expose the username directly but in most cases most users use almost the same username in all of the services (in most cases) so I don’t think that’s an issue here.

idproxy requires an additional step which is one step too much for the common Yahoo user.

Anyhow, I’ll ping you later on today and I’ll try to articulate better and perhaps we will reach an even better solution :-)

Eran

I’m glad to hear I wasn’t the only person working on this idea – it shows it has legs.

Your concept of including the Yahoo! ID in the URL is neat but I don’t think it’s possible against the existing BBAuth API, as that’s designed specifically /not/ to reveal the user’s Yahoo! ID to the service that calls it (for privacy reasons) – it gives you an anonymous user hash instead, so the only assertion you can ever make is that the person who logged in just now is the same as the person who logged in a few days ago. That’s why I took the more straight forward approach of having you manually create an OpenID after signing in with your Yahoo! account.

My e-mail address is simon @ my OpenID – drop me a line and we can talk more.

Cheers,

Simon