[OpenID] identify RP when it gets OpenID URL
Johnny Bufu
johnny at sxip.com
Wed Oct 17 18:14:55 UTC 2007
On 16-Oct-07, at 7:58 PM, Manger, James H wrote:
> Use case: Alice wants to use different OPs for different RPs, while
> keeping the same URL (eg http://alice.example.net/). For instance,
> when logging into a service hosting her backups she wants to use an
> OP that requires a one-time password from a hardware token for each
> access. However, when leaving comments on blogs Alice wants to
> authenticate using an OP that only requires a password and uses a
> persistent cookie so she only has to log in once a day.
I believe there's a cleaner way to address this, that would not
complicate the things that Alice needs to know about the inner
workings of OpenID (and without her having to use different
identities for different purposes):

The PAPE-enabled backup service requests that the OP authenticates
Alice in a manner compliant with certain policies, that are
satisfactory to Alice's security requirements for a backup service.

Johnny
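
The following sketch is an added example, not part of the original message or of any OpenID library: it shows the relying-party side of the PAPE exchange described above, building the request and then checking what the OP claims to have applied. Parameter names and policy URIs are those of the published PAPE 1.0 specification; the function names and the example.net / example.com endpoints are assumptions, and the assertion's signature is assumed to have been verified before `pape_satisfied` is called.

```python
from urllib.parse import urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
POLICY_BASE = "http://schemas.openid.net/pape/policies/2007/06/"
MULTI_FACTOR_PHYSICAL = POLICY_BASE + "multi-factor-physical"


def build_auth_request(op_endpoint, claimed_id, return_to, realm,
                       policies, max_auth_age=None):
    """RP side: checkid_setup URL asking the OP to apply `policies`."""
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.pape": PAPE_NS,
        "openid.pape.preferred_auth_policies": " ".join(policies),
    }
    if max_auth_age is not None:
        # Maximum seconds since the user last actively authenticated to the OP.
        params["openid.pape.max_auth_age"] = str(max_auth_age)
    sep = "&" if "?" in op_endpoint else "?"
    return op_endpoint + sep + urlencode(params)


def pape_satisfied(assertion, required):
    """RP side: did the OP state that every required policy was applied?

    `assertion` is the dict of openid.* parameters from a positive assertion
    whose signature the RP has ALREADY verified (assumption of this example).
    """
    # The OP may choose its own alias, so locate PAPE by namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in assertion.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False  # OP ignored the extension: treat as not satisfied
    signed = set(assertion.get("openid.signed", "").split(","))
    # PAPE fields outside the signed list could have been added in transit.
    if not {f"ns.{alias}", f"{alias}.auth_policies"} <= signed:
        return False
    applied = set(assertion.get(f"openid.{alias}.auth_policies", "").split())
    return set(required) <= applied
```

The request only states a preference, so the backup service has to run the second check on every assertion and refuse the login when it fails.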