28 Jun 01:00
[OpenID] Negotiating a backup OP from the current OP
From: SitG Admin <sysadmin <at> shadowsinthegarden.com>
Subject: [OpenID] Negotiating a backup OP from the current OP
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-27 23:00:36 GMT
I was reading this: http://self-issued.info/?p=75 (Posted to the board <at> openid.net list by Mike Jones.)

I was disturbed to see, in the first paragraph, that OpenID would be accepted from "two" Providers; this is exactly the kind of lock-in that will effectively *lock-OUT* the small, independent Providers.

Listing multiple OPs on the claimed Identity page may be one way to get around that; just let the RP discard options until it runs out of OPs or finds one it likes. But why should each user have to handle their own complexities this way? Couldn't an OP offer that sort of thing as a feature? Couldn't an RP trust an OP designated by the user to at least report which *other* OPs the user had approved for use if the RP didn't trust that OP to authenticate the user?

I don't know what the flow would look like here, but I'm thinking vaguely of something like the RP sending the user to the listed OP with some arguments like "openid.untrusted", and possibly an additional value for the preferred OP, or maybe the OP would respond with an affirmative if it wanted to open negotiations with the RP about what OP would be trusted. At some point the user would then be sent to their OP, get prompted (or at least notified) about accepting the other OP (or given a list of their options, whatever the RP would accept), and proceed on to the new OP using the arguments that the RP sent to their OP.

-Shade