[OpenID] Negotiating a backup OP from the current OP
Anders Feder
lists.anders at feder.dk
Sat Jun 28 00:43:26 UTC 2008
I think what you are suggesting can almost be done with PAPE already. It
would just be a matter of producing the necessary policies (and getting them
recognized).
For instance, VeriSign could produce a policy called "OP certified by
VeriSign" and upon seeing this request from the RP, your 'default OP'
would be able to redirect sign in to an OP it knows supports the "OP
certified by VeriSign" policy.
Fri, 27 06 2008 at 16:00 -0700, SitG Admin wrote:
> I was reading this:
> http://self-issued.info/?p=75
> (Posted to the board at openid.net list by Mike Jones.)
>
> I was disturbed to see, in the first paragraph, that OpenID would be
> accepted from "two" Providers; this is exactly the kind of lock-in
> that will effectively *lock-OUT* the small, independent Providers.
>
> Listing multiple OPs on the claimed Identity page may be one way to
> get around that; just let the RP discard options until it runs out of
> OPs or finds one it likes. But why should each user have to handle
> their own complexities this way?
>
> Couldn't an OP offer that sort of thing as a feature? Couldn't an RP
> trust an OP designated by the user to at least report which *other*
> OPs the user had approved for use if the RP didn't trust that OP to
> authenticate the user?
>
> I don't know what the flow would look like here, but I'm thinking
> vaguely of something like the RP sending the user to the listed OP
> with some arguments like "openid.untrusted", and possibly an
> additional value for the preferred OP, or maybe the OP would respond
> with an affirmative if it wanted to open negotiations with the RP
> about what OP would be trusted. At some point the user would then be
> sent to their OP, get prompted (or at least notified) about accepting
> the other OP (or given a list of their options, whatever the RP would
> accept), and proceed on to the new OP using the arguments that the RP
> sent to their OP.
>
> -Shade
--
Anders Feder <lists.anders at feder.dk>
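
The PAPE exchange suggested in the reply above, sketched from the RP side as an added example that is not part of the original message or of any OpenID library. The policy URI, endpoint and identifier values are hypothetical placeholders, and verification of the OpenID signature itself is assumed to happen elsewhere.

```python
from urllib.parse import urlencode, parse_qs

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
# Hypothetical URI standing in for an "OP certified by VeriSign" policy.
CERTIFIED_POLICY = "https://policy.example/op-certified"

def build_pape_request(op_endpoint, claimed_id, return_to, policy=CERTIFIED_POLICY):
    """RP side: checkid_setup request that asks the OP to satisfy `policy`."""
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.ns.pape": PAPE_NS,
        "openid.pape.preferred_auth_policies": policy,
    }
    return op_endpoint + "?" + urlencode(params)

def policy_satisfied(response_qs, policy=CERTIFIED_POLICY):
    """RP side: True only if the policy is asserted AND covered by openid.signed.
    Assumes the signature over the signed fields was already verified."""
    fields = {k: v[0] for k, v in parse_qs(response_qs).items()}
    # The OP may bind the PAPE namespace to any alias, so look it up.
    alias = next((k[len("openid.ns."):] for k, v in fields.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False
    # Unsigned extension fields can be appended by anyone relaying the response.
    signed = fields.get("openid.signed", "").split(",")
    if f"ns.{alias}" not in signed or f"{alias}.auth_policies" not in signed:
        return False
    return policy in fields.get(f"openid.{alias}.auth_policies", "").split()

# Constructed sample response (not captured from a real OP).
SAMPLE_RESPONSE = urlencode({
    "openid.ns.pape": PAPE_NS,
    "openid.pape.auth_policies": CERTIFIED_POLICY,
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                     "response_nonce,assoc_handle,ns.pape,pape.auth_policies",
})
```

The policy in the response is only the responding OP's own assertion, so the RP still needs its own list of OPs whose assertion of that policy it accepts.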