[OpenID] An alternative OpenID UX

SitG Admin sysadmin at shadowsinthegarden.com
Wed Apr 15 00:53:26 UTC 2009


>Which also presents a problem when the RP wants to require a policy 
>that the big players don't follow. Seems to me policy requirements 
>should be relaxed upon entry and rely upon out-of-band solutions to 
>pick up where policy compliance left off. In the verified e-mail 
>example, the RP can trust that certain OPs have supplied a verified 
>e-mail while for others the User is shown "You're e-mail must be 
>verified. Click here" but in both cases, the User is still allowed 
>to choose their OP.

This is where it would be useful to specify multiple OP's; the first 
can vouch for my Identity using passwords, the second with 
biometrics, the third with smartcards - and then take it from there: 
the fourth can vouch for my E-mail address (might as well be the 
E-mail Provider, and it could do this out-of-band as you suggest), 
the fifth can vouch for my clearance level (should be the 
government), and so on; RP's then get to send the user to OP's that 
match the credentials they desire.

-Shade



More information about the general mailing list