Discussion: bookmark login url discovery
Dick Hardt
dick at sxip.com
Sun Oct 15 05:13:48 UTC 2006

There seemed consensus that being able to "bookmark" an RP at the IdP was a useful feature for users.

The IdP would send a discovery_identifier to the RP's entry point where it is expecting to get a POST from the login form. OpenID Authentication then proceeds as normal. (this provides the bare response functionality that I had proposed)

In order for the IdP to do this, it needs to know the login_url. There are a few choices:

1) the RP sends a login_url to the IdP in the authorization request message
2) the RP sends the login_url in the associate message
3) the RP can send a separate direct message to an IdP it has not seen containing the login_url
4) the IdP can discover the login_url from the RP (this would require there to be a defined entry point for the RP)

(1)&(2) increase the payload in the messages, but no new communication
(3) may only have to be done once, but the RP needs to manage state for the IdP, and the IdP has to remember it.
(4) we need to define where the entrypoint is for the RP, which is essentially what this parameter is all about -- perhaps we can define this entry_point and use it for bookmark login and other commands to the RP?

Preference, comments? Should this be an extension or in the main spec?

-- Dick
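
An IdP-side sketch of option (1) and the bookmark POST described in the message above, as an added example that is not part of the original post or of any OpenID specification. The parameter name `openid.login_url`, the form field name `openid_identifier`, the helper names, and the rule that the login_url must share an origin with `openid.return_to` are all assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit

# Hypothetical wire name for option (1); the post names login_url but no format.
LOGIN_URL_PARAM = "openid.login_url"
# Assumed name of the RP login-form field that carries the identifier.
FORM_FIELD = "openid_identifier"


def _origin(url):
    """Return (scheme, host, port) with default ports filled in, or None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed port or bracketed host
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port or (443 if parts.scheme == "https" else 80))


def record_bookmark(bookmarks, user, auth_request):
    """Option (1): remember the RP's login_url seen in an authorization request.

    Assumed check: keep the login_url only if it shares an origin with
    openid.return_to, so a request cannot register a bookmark that makes
    the IdP POST the user's identifier to an unrelated site.
    """
    login_url = auth_request.get(LOGIN_URL_PARAM)
    return_to = auth_request.get("openid.return_to")
    if not login_url or not return_to:
        return False
    origin = _origin(login_url)
    if origin is None or origin != _origin(return_to):
        return False
    bookmarks.setdefault(user, set()).add(login_url)
    return True


def bookmark_login_form(bookmarks, user, login_url, discovery_identifier):
    """Build the auto-submitting POST the IdP serves when a bookmark is chosen."""
    if login_url not in bookmarks.get(user, ()):
        raise KeyError("login_url was never bookmarked for this user")
    return (
        f'<form method="post" action="{escape(login_url, quote=True)}">'
        f'<input type="hidden" name="{FORM_FIELD}" '
        f'value="{escape(discovery_identifier, quote=True)}">'
        '<noscript><input type="submit" value="Continue"></noscript></form>'
        '<script>document.forms[0].submit()</script>'
    )
```

The RP receives the POST exactly as if the user had typed the identifier into its login form, after which authentication proceeds as normal.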