[OpenID] Using OpenID to authenticate at a 3rd party service
Allen Tom
atom at yahoo-inc.com
Tue Feb 13 00:35:41 UTC 2007
This is exactly the use case that Yahoo's Browser Based Auth was
originally designed for. Perhaps an extension to the OpenID protocol can
be proposed to pass an authentication credential back to the RP in the
Auth Response.
More info about Yahoo's Browser Based Auth is here:
http://developer.yahoo.com/auth/
Allen
Chris Richard wrote:
> I want to expose a web service that relying parties can use on behalf
> of users and I'd like to use OpenID to authenticate users at this service.
>
> I'd like to add the service (a new service type) to the user's XRDS
> (which already contains an OpenID service) and now the relying party
> can find both services it needs. But what should the communication
> look like between these four parties (the user agent, relying party,
> OpenID service, my web service)? Does the relying party need to
> authenticate the user with OpenID first and then forward the user
> through my service where the user is again authenticated and
> eventually sent back to the relying party?
>
> Thanks in advance for any comments.
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070212/fb093817/attachment-0002.htm>
More information about the general
mailing list