[OpenID] An alternative OpenID UX

Peter Williams pwilliams at rapattoni.com
Thu Apr 16 00:33:52 UTC 2009


I have to admit in making n runs of openid auth per event I was thinking more of:
Authority a does auth
Authority b does authz
Authority c does certified attribute x
Authority d does y
E does account recovery.

C may not even be the classical op. It may be an rp in charge of an rp-affiliate network, as in the saml websso model.


-----Original Message-----
From: SitG Admin <sysadmin at shadowsinthegarden.com>
Sent: Wednesday, April 15, 2009 5:00 PM
To: John Bradley <john.bradley at wingaa.com>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] An alternative OpenID UX


>Though without some trust mechanism with the OPs I don't know that
>having two or three OPs say they have performed biometrical
>authentication of the user, is that much better than one.

Assume one is offline and another is malicious; for more detail, see
http://openid.net/pipermail/general/2009-January/007786.html
(Also note that multiple factors should be covered.)

-Shade