Bram and raph: I assume that the point of the challenge / response pairs is to collapse the backchannel into an occasional "stocking up" transaction between blog.example.com and signon.example.net?
However, why not just have blog.example.com register a public key at signon.example.net, then generate the challenge by encrypting a shared datum with its private key as the challenge? When signon.example.net redirects the user back to blog.example.com, it can similarly encrypt the response so blog.example.com will know the response is authentic. That way, the sites don't need to "stock up" on challenge / response pairs.
Having said that, I now want to make the case that the backchannel is important for the non-trivial logout case. The user needs to be able to log out concisely from all SSO sites. The best way to do that, without forcing a double-check between blog.example.com and signon.example.net every time the user hits a page is for signon.example.net to tell any "active" sites that the user has logged out.
Unfortunately, this means signon.example.net is going to have to retain some state. However, I think that's an unavoidable necessity, as you also want the user to control what sites are allowed to use the signon profile. I can't imagine not wanting a site to be part of my profile, but, well, maybe I can :)
The backchannel can also be useful, when the client supports images, for implementing a "silent", webbug-based login. blog.example.com includes an image that's hosted on signon.example.net. Upon receipt of that request, signon.example.net sends a backchannel message to blog.example.com confirming the user's signin status. Subsequent pages at blog.example.com can then take advantage of that status without the user ever following the login button.
Assuming blog.example.com gives signon.example.com the graphics (through the backchannel, through prior agreement, or by reference in the webbug's src URL), then the user gets immediate feedback about their login status by which graphic signon.example.net returns.
example.com:
Bram's description of the single sign-on proposal also made me realize I should evangelize the use of example.{com,net,org} here. BCP 32 / RFC 2606 reserves four TLDs (.test, .example, .invalid, and .localhost) for use in testing, documentation, etc. It also reserves the SLDs example.com, example.net, and example.org. It recommends using the .example TLD for documentation, though I personally believe the "average reader" will more readily recognize an example.{com,net,org} SLD as a "domain name".
Anyway, the reason I implore you to use the RFC 2606 domains comes from (admittedly embarassing) direct, personal experience. A long time ago (okay, two years), my primary mailserver was still running some egregious sendmail hacks (written by my local guru, not me) that provided virtual domains (before they were standard). Unfortunately, my meager understanding of those hacks, and the amount of cruft we had built around them, conspired to keep me from correcting the fact that the machine was an open relay.
While working at jGuru, I "helped out" a few of our gurus who needed a decent relay, didn't have SMTP AUTH support in their clients, and didn't have fixed IPs (and had ISPs that were refusing to relay mail coming from within their networks not bearing a From: address of @isp.example.com. Sigh.)
I promise, this is going somewhere. Anyway, one of the gurus was writing a piece on sending mail from within Java. In that piece, he provided code that used my mail server as its MTA. So, until I managed to (a) close the relay (which, yes, I know, I needed to close and I was being an irresponsible Internet citizen and so forth) and (b) get the article rewritten to use mail.example.com instead, I put up with a bounce message every day or three from someone that didn't understand they needed to put in the address of their own SMTP relay.
Now it's my sworn duty to evangelize RFC 2606. And to get websites to properly accept the plus sign (+) in the lefthand side of an email address. And to get them to accept the plus sign in a phone number. And to get AT&T to keep my bill available online for more than three months. I go paperless to save them money and they can't keep 7k of compressed data around for more than three months. Anyway, that's Mr. Quixote to you!
So, how about blog.example.com and signon.example.net? :)
Work:
A fantastically productive week. 70+ hours on the clock from Monday to Monday (inclusive). The project isn't delivered yet, but I cleaned up a lot of cruft, and put in place a new architecture that I can phase in piecemeal and still start enjoying from day one. Also tried out some simple XP refactoring tricks that are obvious and yet somehow overlooked :) (rename the old thing and all clients of it, create the new thing, migrate clients one by one, then remove the old thing).
Also, I finally wrote a wrapper for Perforce's branching that does all of the steps involved in maintaining the most common kind of branch I make. Now branching is a one sweetly simple step. Note that the agony here is introduced by my very anal separation of clients per branch, not by any inherent limitation of Perforce (not that Perforce doesn't have inherent limitations, mind you).
I bought Microsoft:
Compromise:I bought really cool-looking game this weekend - Age of Empires II, The Age of Kings (as a reward for later, when I've gotten some more bits delivered). Opened it up and read through the instructions. Only later did I notice the Microsoft logo on the box. Sigh. I would have rather supported a smaller, hungrier shop if I'm going to indulge in a little bit of proprietary software compromise.
On the subject of compromise, I had a good discussion with Allen Briggs over lunch the other day. As I creep up on thirty (1973-04-06), I'm doing the understandable reflection, introspection, and general "what have I done, and what do I have left to do?"
The short answers are "not much" and "a lot", but those grossly oversimplify things, because the truth is that I've done a fantastic amount, but have little tangible evidence of it.
Anyway, in the process of all of this, I realized that, whenever we get around to having kids, I want to raise them to see a pragmatic balance between their idealism and the mundane, material needs and desires of the world. There is a grounding in compromise I never got, which I think might have helped me to further my ideals.
What it boils down to is, ironically, something Stallman wrote in Copyleft: Pragmatic Idealism:
If you want to accomplish something in the world, idealism is not enough--you need to choose a method that works to achieve the goal.
I say "ironically" because the kind of pragmatism I'm talking about is precisely the kind Stallman rejects in other writings. I guess you could call it "embracing the enemy". Or just "selling out".
When I raise my kids, I'm going to try teach them to think clearly and rationally about what they want to accomplish, and to weigh the ethics of acting quickly to achieve more, versus acting slowly to achieve less, but achieve it more purely.
In practical terms, I'm going to advise them to go out, make assloads of money while they're young, energetic, and full of bright ideas, then turn around and spend that money while they're older, wiser, and can make it do the most good to bring about all of the changes they wanted to see when they were younger.
Because I've learned one thing, finally, and I learned it from Fried Green Tomatoes. Older and richer beats younger and faster.
Of course, the inherent challenge is to remain internally faithful to your ideals while you're externally working in apparent opposition to them.
With that said, I'm also going to do my damndest to teach them that they can work outside of where their ideals would otherwise take them to rake in the cheddar. For instance, I'm going back to school in the fall and getting an accounting degree. Who knew? Anyway, that way, when Irene gets out of law school, we can open a firm that does accounting and law in one place (useful when estates and the like are your bread and butter work). Both accounting and law can be fantastically lucrative, and even so when done ethically (if you pick the right areas of both, of course :) ).
And all of that can pay me, ultimately, to write more Free software. And raise kids who can follow their own dreams without looking back and wondering where the time went.
Fortunately, longevity runs in my family, so I've still got at least two more of my lifetime so far to noodle out the rest of the details and make my big contribution :) I mean, look at Dave Winer. He's my dad's age, and he's still got the juice. I mean, I respectfully disagree with some of his positions (more, later), but he keeps stretching himself and his ideas, and keeps generating vision. No ossification there. Keep it up, Dave!