[OpenID] 2-Headed OpenID Auth for Increased Security?

SitG Admin sysadmin at shadowsinthegarden.com
Wed Dec 3 00:38:24 UTC 2008


>We toyed with this idea in Liberty for SAML but never did anything 
>with it - partly because it would already work out of the box with 
>SSO protocols as they are if the RP coordinates the multiple 
>authentications.

Exactly - the exciting answers here will not be "HOW can we do it?" 
but "WHY should we do it?".

>We did think of optimizations whereby you could eliminate some 
>redirects by having (in OpenID terminology) the first RP indicate
>to the first OP the second OP in the openid.return_to - I'm not
>sure this would be legal in OpenID?

What do you mean by the first RP?

My understanding of the process here (my own poor statements 
notwithstanding) is that the user would have multiple *URIs*, each
with their own OP, and use all of these with a single (suspicious) RP.

-Shade


