[OpenID] An alternative OpenID UX

John Bradley john.bradley at wingaa.com
Wed Apr 15 19:24:30 UTC 2009


Peter,

If it is your XRDS there is nothing to stop you from adding PAPE or  
other OpenID extension <Type> elements to your services.

This is the case with XRI or self-hosted URI.  I have yet to see a URL
based provider allow users to edit their XRDS documents.

At the moment the spec has the RP use the user's highest priority
OpenID service that matches the RP's criteria.

Although many RPs don't support the priority attribute on the Service
element so mileage may vary depending on RP.

There was talk of a multi auth extension.  Though it is mostly a
modification of the RP logic.  There is no way to force an RP to
perform that sort of authentication.

There is nothing to prevent an RP from authenticating you against
multiple OPs with different PAPE levels.
Though without some trust mechanism with the OPs I don't know that
having two or three OPs say they have performed biometrical
authentication of the user, is that much better than one.

John Bradley

On 15-Apr-09, at 12:00 PM, general-request at openid.net wrote:

> Date: Tue, 14 Apr 2009 22:32:34 -0700
> From: Peter Williams <pwilliams at rapattoni.com>
> Subject: Re: [OpenID] An alternative OpenID UX
> To: SitG Admin <sysadmin at shadowsinthegarden.com>
> Cc: "general at openid.net" <general at openid.net>
> Message-ID:
> 	<BFBC0F17A99938458360C863B716FE46398DDA3E15 at simmbox01.rapnt.com>
> Content-Type: text/plain; charset="us-ascii"
>
> I've forgotten whether the service definition in a vanity user's XRDS
> does or does not declare the PAPE level supported by that OP - and
> thus provide the basis for an RP to decide whether it can use that
> particular OP to satisfy its requirements.
>
> Several questions come to mind if it does: is it "openid" for an RP
> to make several requests, with only a single, specific act of user
> input (e.g. could 2 or 3 rounds of openid auth protocol, for one
> typed openid)?
>
> Is it reasonable for an RP to seek out 2 or more assertions, from  
> different OPs (according to their supported PAPE levels), before  
> cross-relying on all those used, before minting a local session?
>
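
Added example (not part of the original message, and not code from any OpenID library): a sketch of the RP-side selection described above, where the RP takes the highest-priority Service in the user's XRDS whose <Type> elements cover its criteria, here OpenID 2.0 sign-on plus PAPE. The function name, the sample XRDS and the OP endpoints are constructed for illustration; it assumes the XRI Resolution convention that a lower priority number ranks first and a missing priority ranks last.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"
OPENID2_SIGNON = "http://specs.openid.net/auth/2.0/signon"
PAPE = "http://specs.openid.net/extensions/pape/1.0"

# Constructed sample XRDS for a self-hosted identifier (hypothetical OPs).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://op-b.example/auth</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op-a.example/auth</URI>
    </Service>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <Type>http://specs.openid.net/extensions/pape/1.0</Type>
      <URI>https://op-c.example/auth</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def _priority(service):
    """Sort key: lower number ranks first; missing or malformed ranks last."""
    value = service.get("priority", "")
    return (0, int(value)) if value.isascii() and value.isdigit() else (1, 0)

def select_services(xrds_xml, required_types):
    """Return endpoint URIs advertising every required Type, best first."""
    # The XRDS comes from a user-controlled URL: parse it as untrusted input.
    xrds = ET.fromstring(xrds_xml).findall(XRD_NS + "XRD")
    if not xrds:
        return []
    matches = []
    for svc in xrds[-1].findall(XRD_NS + "Service"):  # the last XRD is the one used
        types = {(t.text or "").strip() for t in svc.findall(XRD_NS + "Type")}
        uri = svc.find(XRD_NS + "URI")
        if required_types <= types and uri is not None and uri.text:
            matches.append((_priority(svc), uri.text.strip()))
    return [uri for _, uri in sorted(matches, key=lambda m: m[0])]
```

With the PAPE requirement the priority-10 service is skipped because it does not list the PAPE Type. A <Type> entry is only an advertisement in a document the user can edit, so the RP still has to check the PAPE response in the signed assertion it gets back.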



