OpenID 3.0

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sat Feb 2 00:53:48 UTC 2008


Yes, I also wonder why the IDP can't just return the ID. As of now I 
think it's two steps for this, with the RP explicit requesting it? Or am 
I wrong with that?

James Henstridge wrote:
> On 02/02/2008, Kevin Turner <kevin at janrain.com> wrote:
>   
>> On Sat, 2008-02-02 at 08:51 +1100, James Henstridge wrote:
>>     
>>>> 5. A way for OpenID relying parties to filter out Ops. In a business
>>>> scenario, if I run the Sun employee store, I may only want the Sun OP to
>>>> talk with me.
>>>>         
>>> This is already possible with OpenID 2.0:
>>>       
>> [snip]
>>
>> This is already possible with OpenID 1.0:
>>
>> Perform discovery on the given identifier.  Compare the discovered OP
>> Endpoint to those in your filter.  If you do not like what you see, do
>> not proceed.
>>     
>
> Right.  I guess I forgot about that after using directed identity for
> a few cases just like this.  I'd argue that directed identity with a
> fixed OP URL can provide a nicer workflow for these sort of closed
> environments though:
>  1. the RP need not ask for a user name, so all authentication occurs on the OP.
>  2. If the user is already authenticated to the OP, the user could be
> authenticated to the RP without having to enter any input (if
> desired).
>  3. As mentioned earlier, the user does not need to know their
> identity URL (or even that they have one) -- they only need ot know
> the credentials needed to log into the OP.
>   
-- 
Regards 
 
Signer:  	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:  	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:  	Join the Revolution! <http://blog.startcom.org>
Phone:  	+1.213.341.0390
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080202/c7bbc2c5/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080202/c7bbc2c5/attachment-0002.bin>


More information about the specs mailing list