[OpenID] Security related Use Cases?
Peter Williams
pwilliams at rapattoni.com
Wed Oct 22 13:03:22 UTC 2008
The Google page Eric showed was pretty straightforward. You can navigate to Google Apps and use a control to login using the local auth mechanism (similar to the way folks have done things over telnet for 30+ years). Or, you can use a control on that same page redirect to an IDP, perform its procedures and get an assertion that the RP may trust.
You can argue that the RP local auth is a co-resident IDP communicating over an HTML controls binding, but this is just formalism for security engineers.
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Ben Laurie
Sent: Wednesday, October 22, 2008 2:55 AM
To: Dick Hardt
Cc: OpenID List
Subject: Re: [OpenID] Security related Use Cases?
On Wed, Oct 22, 2008 at 4:18 AM, Dick Hardt <dick at sxip.com> wrote:
> I would guess Ben is talking about authentication to the RP
Actually, I meant any authentication - what does authentication to the
RP mean, anyway? If I am authenticating to it directly, then it isn't
an RP, right?
More information about the general
mailing list