[OpenID] An alternative OpenID UX

Peter Williams pwilliams at rapattoni.com
Thu Apr 16 00:33:52 UTC 2009

I have to admit in making n runs of openid auth per event I was thinking more of
Authority a does auth
Authority b does authz
Authority c does certified attribute x
Authority d does y
E does account recovery.

C may not even be the classical op. It may be a rp in charge of an rp-affiliate network, as in the saml websso model.

-----Original Message-----
From: SitG Admin <sysadmin at shadowsinthegarden.com>
Sent: Wednesday, April 15, 2009 5:00 PM
To: John Bradley <john.bradley at wingaa.com>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] An alternative OpenID UX

>Though without some trust mechanism with the OPs I don't know that
>having two or three OPs say they have performed biometrical
>authentication of the user, is that much better than one.

Assume one is offline and another is malicious; for more detail, see
(Also note that multiple factors should be covered.)
