[OpenID] identify RP when it gets OpenID URL

James Henstridge james at jamesh.id.au
Wed Oct 17 07:26:13 UTC 2007


On 17/10/2007, Manger, James H <James.H.Manger at team.telstra.com> wrote:
> Other solutions:
>
> OPs can offer different authentication mechanisms based on the
> openid.return_to or openid.realm parameter in an authentication request.
> However, the user has less flexibility when they have to relying on OPs.

If the primary aim is just to let the user set a policy on how
carefully they should be authenticated when talking to particular RPs,
why wouldn't this alternative be appropriate?

You are trading complexity at the OP end for complexity at the
discovery/delegation end.

Or are you trying to address a slightly different problem?  Maybe one of:
 1. using an OP that is not publicly accessible for certain operations
 2. using an RP that will only authenticate people using a particular OP.

James.



More information about the specs mailing list