Friday, November 24, 2006

What could be more user-centric?

POSTInterceptor is a GreaseMonkey script that intercepts POSTs and makes their contents visible.

Here is a screenshot taken of the first POST of the OpenID authentication protocol from the "I want my OpenID" RP (the mechanism isn't of course only relevant to OpenID, SAML allows for Assertions be be POSTed around).

For some reason (beyond my limited ability to troubleshoot) the act of intercepting the POST arrests the protocol flow and I don't actually make it over to Strange because I verified that the extension did not interfere in POST operations at other (non OpenID-driven) sites. Perhaps it's interference between the Javascript controlled auto-submit and the extension?

If not for signatures, the user could use the similar control point on the POSTed response from the IDP to change/delete/add the identity attributes being asserted to.

Even without the ability to make changes, it would provide a 'Lets just see what they're saying about me' mechanism for the paranoid.

No comments: