[OpenID] Negotiating a backup OP from the current OP
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Jun 27 23:59:53 UTC 2008
>To do that, we need to evolve the protocol so that RPs don't feel
>they need to distinguish between OPs.
Quick thought - I agree that doing this in OpenID is a good thing,
since it lifts some of the burden from RP's, but more delineation in
security for just about *any* website these days is a good thing -
most of them have a great deal of room for improvement :(
I just started to expand this quick thought and then realized it's
way too much for the time I have now. Let me say, then, that RP's
could restrict access to some operations by OP, saying "You can use
any old OP for your daily stuff, but when you want to change account
info you must use Verisign's secure authentication."
-Shade
More information about the general
mailing list