[OpenID] Negotiating a backup OP from the current OP

Drummond Reed drummond.reed at cordance.net
Mon Jun 30 06:38:11 UTC 2008


This thread assumes a backup OP must be recommended from the current OP. But
OpenID users and RPs already have a mechanism for "negotiating" selection of
an OP:

a) The user lists all the OPs they use in their XRDS document (together with
any special extensions/policies each OP supports, like PAPE)

b) The RP chooses the one that best satisfies its own policies.

=Drummond 

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of SitG Admin
> Sent: Friday, June 27, 2008 4:01 PM
> To: general at openid.net
> Subject: [OpenID] Negotiating a backup OP from the current OP
> 
> I was reading this:
> http://self-issued.info/?p=75
> (Posted to the board at openid.net list by Mike Jones.)
> 
> I was disturbed to see, in the first paragraph, that OpenID would be
> accepted from "two" Providers; this is exactly the kind of lock-in
> that will effectively *lock-OUT* the small, independent Providers.
> 
> Listing multiple OP's on the claimed Identity page may be one way to
> get around that; just let the RP discard options until it runs out of
> OP's or finds one it likes. But why should each user have to handle
> their own complexities this way?
> 
> Couldn't an OP offer that sort of thing as a feature? Couldn't a RP
> trust an OP designated by the user to at least report which *other*
> OP's the user had approved for use if the RP didn't trust that OP to
> authenticate the user?
> 
> I don't know what the flow would look like here, but I'm thinking
> vaguely of something like the RP sending the user to the listed OP
> with some arguments like "openid.untrusted", and possibly an
> additional value for the preferred OP, or maybe the OP would respond
> with an affirmative if it wanted to open negotiations with the RP
> about what OP would be trusted. At some point the user would then be
> sent to their OP, get prompted (or at least notified) about accepting
> the other OP (or given a list of their options, whatever the RP would
> accept), and proceed on to the new OP using the arguments that the RP
> sent to their OP.
> 
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general



