[OpenID] Negotiating a backup OP from the current OP
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Jun 27 23:00:36 UTC 2008
I was reading this:
http://self-issued.info/?p=75
(Posted to the board at openid.net list by Mike Jones.)

I was disturbed to see, in the first paragraph, that OpenID would be
accepted from "two" Providers; this is exactly the kind of lock-in
that will effectively *lock-OUT* the small, independent Providers.

Listing multiple OPs on the claimed Identity page may be one way to
get around that; just let the RP discard options until it runs out of
OPs or finds one it likes. But why should each user have to handle
their own complexities this way?

Couldn't an OP offer that sort of thing as a feature? Couldn't an RP
trust an OP designated by the user to at least report which *other*
OPs the user had approved for use if the RP didn't trust that OP to
authenticate the user?

I don't know what the flow would look like here, but I'm thinking
vaguely of something like the RP sending the user to the listed OP
with some arguments like "openid.untrusted", and possibly an
additional value for the preferred OP, or maybe the OP would respond
with an affirmative if it wanted to open negotiations with the RP
about what OP would be trusted. At some point the user would then be
sent to their OP, get prompted (or at least notified) about accepting
the other OP (or given a list of their options, whatever the RP would
accept), and proceed on to the new OP using the arguments that the RP
sent to their OP.
-Shade
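
The "list multiple OPs and let the RP discard options" approach mentioned in the message, as an added example that is not part of the original post: an RP reads the OpenID 2.0 signon services from an XRDS document in priority order and takes the first endpoint on its own accepted list. The sample document, the host names, the `accepted_hosts` parameter and the HTTPS-only rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"                       # XRD 2.0 namespace
SIGNON = "http://specs.openid.net/auth/2.0/signon"  # OpenID 2.0 claimed-identifier service type

# Constructed sample: XRDS a user might publish for their claimed identifier.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://big-op.example/server</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://small-op.example/openid</URI>
    </Service>
    <Service priority="30">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>http://backup-op.example/endpoint</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def discovered_ops(xrds_text):
    """Return OP endpoint URLs in the user's priority order (lowest number first)."""
    # The document is fetched from a user-controlled URL: refuse DTDs/entities outright.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTDs are not allowed in untrusted XRDS")
    found = []
    for svc in ET.fromstring(xrds_text).iter(XRD + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        uri = svc.find(XRD + "URI")
        if SIGNON in types and uri is not None and uri.text:
            prio = svc.get("priority")
            # Services without a priority sort after all prioritised ones.
            key = int(prio) if prio and prio.isdigit() else float("inf")
            found.append((key, uri.text.strip()))
    return [u for _, u in sorted(found, key=lambda p: p[0])]

def choose_op(xrds_text, accepted_hosts):
    """Discard listed OPs until one is on the RP's accepted list; None if it runs out."""
    for endpoint in discovered_ops(xrds_text):
        parts = urlsplit(endpoint)
        # Assumed RP policy: HTTPS endpoints only, exact host match against the list.
        if parts.scheme == "https" and parts.hostname in accepted_hosts:
            return endpoint
    return None
```
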