28 Jun 02:16
Re: [OpenID] Negotiating a backup OP from the current OP
From: Dick Hardt <dick <at> sxip.com>
Subject: Re: [OpenID] Negotiating a backup OP from the current OP
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-28 00:16:05 GMT
On 27-Jun-08, at 4:59 PM, SitG Admin wrote:

>> To do that, we need to evolve the protocol so that RPs don't feel
>> they need to distinguish between OPs.
>
> Quick thought - I agree that doing this in OpenID is a good thing,
> since it lifts some of the burden from RP's, but more delineation in
> security for just about *any* website these days is a good thing -
> most of them have a great deal of room for improvement :(
>
> I just started to expand this quick thought and then realized it's
> way too much for the time I have now. Let me say, then, that RP's
> could restrict access to some operations by OP, saying "You can use
> any old OP for your daily stuff, but when you want to change account
> info you must use Verisign's secure authentication."

I would agree except I would use a generic strong authentication instead of a vendor specific mechanism.

Similar to mechanisms today. Amazon lets you do some things on your account if you have a cookie from a previous session, but requires you to authenticate when you want to make a purchase.

(I also don't have enough time to go deeper -- but also like to have small, snack size posts that are easy to digest!)

-- Dick
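
The two approaches contrasted in this message, sketched as an added example that is not part of the original post: an RP check pinned to one OP beside a check based on assurance level and freshness of authentication. The level names, operation names, policy table and `op.example` endpoints are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

# Hypothetical assurance levels an RP might derive from how the user
# authenticated (names are assumptions for this example).
COOKIE, PASSWORD, STRONG = 0, 1, 2

# Per-operation policy: (minimum level, maximum age of authentication in
# seconds). None means a remembered session is enough.
POLICY = {
    "view_account": (COOKIE, None),
    "post_comment": (PASSWORD, None),
    "change_account_info": (STRONG, 300),
}

@dataclass
class Session:
    op_endpoint: str   # which OP vouched for the user
    level: int         # assurance level of the last authentication
    auth_time: float   # when that authentication happened (epoch seconds)

def vendor_pinned_allows(session, operation,
                         trusted_op="https://op.example/strong"):
    """Vendor-specific variant: sensitive operations are tied to one OP."""
    if operation == "change_account_info":
        return session.op_endpoint == trusted_op
    return True

def generic_allows(session, operation, now=None):
    """Generic variant: decide on level and freshness, not on the OP."""
    now = time.time() if now is None else now
    # An operation missing from POLICY raises KeyError, so it fails closed.
    min_level, max_age = POLICY[operation]
    if session.level < min_level:
        return False
    if max_age is not None and now - session.auth_time > max_age:
        return False
    return True

def needs_step_up(session, operation, now=None):
    """True when the RP should send the user back to re-authenticate."""
    return not generic_allows(session, operation, now)
```

Note that the pinned check looks only at which OP was used, so a stale cookie session from the trusted OP still passes it, while the generic check asks for fresh strong authentication from whichever OP the user chose.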