30 Jun 08:38
Re: [OpenID] Negotiating a backup OP from the current OP
From: Drummond Reed <drummond.reed <at> cordance.net>
Subject: Re: [OpenID] Negotiating a backup OP from the current OP
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-30 06:38:11 GMT
This thread assumes a backup OP must be recommended from the current OP. But OpenID users and RPs already have a mechanism for "negotiating" selection of an OP:

a) The user lists all the OPs they use in their XRDS document (together with any special extensions/policies each OP supports, like PAPE)

b) The RP chooses the one that best satisfies its own policies.

=Drummond

> -----Original Message-----
> From: general-bounces <at> openid.net [mailto:general-bounces <at> openid.net] On
> Behalf Of SitG Admin
> Sent: Friday, June 27, 2008 4:01 PM
> To: general <at> openid.net
> Subject: [OpenID] Negotiating a backup OP from the current OP
>
> I was reading this:
> http://self-issued.info/?p=75
> (Posted to the board <at> openid.net list by Mike Jones.)
>
> I was disturbed to see, in the first paragraph, that OpenID would be
> accepted from "two" Providers; this is exactly the kind of lock-in
> that will effectively *lock-OUT* the small, independent Providers.
>
> Listing multiple OP's on the claimed Identity page may be one way to
> get around that; just let the RP discard options until it runs out of
> OP's or finds one it likes. But why should each user have to handle
> their own complexities this way?
>
> Couldn't an OP offer that sort of thing as a feature? Couldn't a RP
> trust an OP designated by the user to at least report which *other*
> OP's the user had approved for use if the RP didn't trust that OP to
> authenticate the user?
>
> I don't know what the flow would look like here, but I'm thinking
> vaguely of something like the RP sending the user to the listed OP
> with some arguments like "openid.untrusted", and possibly an
> additional value for the preferred OP, or maybe the OP would respond
> with an affirmative if it wanted to open negotiations with the RP
> about what OP would be trusted. At some point the user would then be
> sent to their OP, get prompted (or at least notified) about accepting
> the other OP (or given a list of their options, whatever the RP would
> accept), and proceed on to the new OP using the arguments that the RP
> sent to their OP.
>
> -Shade
> _______________________________________________
> general mailing list
> general <at> openid.net
> http://openid.net/mailman/listinfo/general
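The selection described in steps a) and b) of the reply, as an added example that is not part of the original thread or of any OpenID library: an RP reads the OPs listed in a user's XRDS document and picks the highest-priority one that meets its own policy. The OP hosts, the sample document and the `required_types` / `trusted_hosts` policy parameters are assumptions made for illustration; the XRD namespace and the signon and PAPE type URIs are the ones the OpenID 2.0 and PAPE specifications define.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
SIGNON = "http://specs.openid.net/auth/2.0/signon"
PAPE = "http://specs.openid.net/extensions/pape/1.0"

# Constructed sample: a user's XRDS listing three OPs (hosts are placeholders).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://small-op.example/auth</URI>
    </Service>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://big-op.example/server</URI>
    </Service>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>http://plain-op.example/server</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def list_ops(xrds_text):
    """Return (priority, endpoint, types) per OpenID 2.0 signon service, best first."""
    if "<!DOCTYPE" in xrds_text:
        raise ValueError("DTDs are not accepted in an untrusted XRDS document")
    ops = []
    for svc in ET.fromstring(xrds_text).iter(XRD_NS + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text}
        uri = svc.find(XRD_NS + "URI")
        if SIGNON not in types or uri is None or not uri.text:
            continue
        prio = svc.get("priority")  # lower value wins; a missing priority sorts last
        ops.append((int(prio) if prio is not None else float("inf"), uri.text.strip(), types))
    return sorted(ops, key=lambda op: op[0])

def choose_op(xrds_text, required_types=frozenset(), trusted_hosts=None):
    """Pick the user's highest-priority OP that meets the RP's policy, or None."""
    for _prio, endpoint, types in list_ops(xrds_text):
        url = urlsplit(endpoint)
        if url.scheme != "https" or (trusted_hosts is not None and url.hostname not in trusted_hosts):
            continue
        if required_types <= types:
            return endpoint
    return None
```

With no policy the RP takes the user's first choice; calling `choose_op(SAMPLE_XRDS, required_types={PAPE})` skips it and falls through to the OP that advertises PAPE. The plain-HTTP endpoint is never selected, even when its host is on the RP's trusted list.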