[OpenID] Yahoo hijacking?
Max Metral
max at artsalliancelabs.com
Sat Apr 19 23:46:59 UTC 2008
Sorry, I meant if RP's send users to IDP's and have to worry about the
IDP taking them off somewhere else.
-----Original Message-----
From: SitG Admin [mailto:sysadmin at shadowsinthegarden.com]
Sent: Saturday, April 19, 2008 3:36 PM
To: Max Metral
Cc: general at openid.net
Subject: Re: [OpenID] Yahoo hijacking?
>If potential adopting sites come to believe that there's a
>non-negligible chance that sending someone off to signin with OpenID
>is the last time they'll see them, and in this case that on the
>margin, the IDP is potentially competing with the RP for the users
>attention, we're in trouble.
I need clarification on one point here - what role are these
"potential adopting sites" playing? Are they sending the user off to
a 3rd-party IDP to sign in to the adopting site, or are they letting
the user sign in to a 3rd-party RP by providing the OpenID
credentials? I need to nail down some concretes before I can
generalize; I need to have something solid to generalize *from*. Does
this sort of scenario revolve around becoming an IDP or becoming a RP?
-Shade
More information about the general
mailing list