Discussion: bookmark login url discovery

Dick Hardt dick at sxip.com
Sun Oct 15 05:13:48 UTC 2006


There seemed to be consensus that being able to "bookmark" an RP at the IdP
was a useful feature for users.

The IdP would send a discovery_identifier to the RP's entry point  
where it is expecting to get a POST from the login form.
OpenID Authentication then proceeds as normal. (This provides the
bare response functionality that I had proposed.)

In order for the IdP to do this, it needs to know the login_url.  
There are a few choices:

1) the RP sends a login_url to the IdP in the authorization request  
message
2) the RP sends the login_url in the associate message
3) the RP can send a separate direct message to an IdP it has not  
seen containing the login_url
4) the IdP can discover the login_url from the RP (this would require  
there to be a defined entry point for the RP)

(1) and (2) increase the payload in the messages, but need no new communication.

(3) may only have to be done once, but the RP needs to manage state  
for the IdP, and the IdP has to remember it.

(4) we need to define where the entry point is for the RP, which is
essentially what this parameter is all about -- perhaps we can define
this entry_point and use it for bookmark login and other commands to
the RP?

Preference, comments? Should this be an extension or in the main spec?

-- Dick



