[OpenID] Security related Use Cases?
Ben Laurie
benl at google.com
Wed Oct 22 13:11:06 UTC 2008
On Wed, Oct 22, 2008 at 2:03 PM, Peter Williams <pwilliams at rapattoni.com> wrote:
> The Google page Eric showed was pretty straightforward. You can navigate to Google Apps and use a control to login using the local auth mechanism (similar to the way folks have done things over telnet for 30+ years). Or, you can use a control on that same page redirect to an IDP, perform its procedures and get an assertion that the RP may trust.
And?
>
> You can argue that the RP local auth is a co-resident IDP communicating over an HTML controls binding, but this is just formalism for security engineers.
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Ben Laurie
> Sent: Wednesday, October 22, 2008 2:55 AM
> To: Dick Hardt
> Cc: OpenID List
> Subject: Re: [OpenID] Security related Use Cases?
>
> On Wed, Oct 22, 2008 at 4:18 AM, Dick Hardt <dick at sxip.com> wrote:
>> I would guess Ben is talking about authentication to the RP
>
> Actually, I meant any authentication - what does authentication to the
> RP mean, anyway? If I am authenticating to it directly, then it isn't
> an RP, right?
>
>
More information about the general
mailing list