[OpenID] [Fwd: Re: RP Discovery]
Peter Williams
pwilliams at rapattoni.com
Fri Aug 31 19:05:14 UTC 2007
Yes, of course; it would be crazy to repeat authentication for every
page access.
---------------
In the rets community, we have something modestly similar to the sparql protocol, over the http (and/or soap) binding.
Logon does give a sessionid cookie, that later standard versions made mandatory.
However, digest authentication is performed each and every resoucre acess, after the logon tranasction. And the resources - being queries - are essentially dynamic. (The login also sends back a set of what opeind is calling now realm url matching rules)
The rolling nonces of digest auth process make this easy, and effective form of data origin authentication.
Some of us in that stds body are considering adding websso endpoints. The idea is that one completes saml or openid on that new endpoint, where the attributes communicate the values to startup the digest auth process.
More information about the general
mailing list