New OP-MultiAuth Draft Published
David Fuelling
sappenin at gmail.com
Mon Jan 19 16:00:12 UTC 2009
On Sun, Jan 18, 2009 at 10:41 PM, Paul Madsen <paulmadsen at rogers.com> wrote:
> Hi David, your extension is an authentication policy declaration from the
> user to the RP.
>
> PAPE allows the RP to declare its authentication policy to the OP (and vice
> versa).
>
> I wonder if there is an opportunity for convergence?
>
I'm open to anything, although PAPE is more of an Auth extension, whereas
MultiAuth (at least in its present form) is more of a Discovery extension.
If the community sees value in something like this, I think a better place
for it would be inside of OpenID Auth Discovery 2.1.
>
> Or at minimum a naming scheme that hilites the commonality ...... UAPE :-)
>
> paul
>
> David Fuelling wrote:
>
> For anyone interested, I've put out a 2nd draft of my OP-MultiAuth idea. I
> think the first draft was pretty confusing, so hopefully this clarifies
> things a bit more.
>
> Wiki Page: http://wiki.openid.net/OP-MultiAuth
> Actual Draft:
> http://wiki.openid.net/f/openid-provider-multiauth-extension-1_0-2.html
>
> In a nutshell, the idea here is to protect end-users against a "rogue OP"
> by providing a mechanism for a Claimed Identifier to mandate that an RP get
> valid auth assertions from two or more different OP's before giving access
> to RP-protected resources.
>
> Thanks!
>
> David
>
> ------------------------------
>
> _______________________________________________
> specs mailing listspecs at openid.nethttp://openid.net/mailman/listinfo/specs
>
> ------------------------------
>
> No virus found in this incoming message.
> Checked by AVG.
> Version: 7.5.552 / Virus Database: 270.10.8/1899 - Release Date: 17/01/2009 5:50 PM
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090119/08a38e5c/attachment-0002.htm>
More information about the specs
mailing list