[OpenID] An alternative OpenID UX
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Apr 15 00:53:26 UTC 2009
>Which also presents a problem when the RP wants to require a policy
>that the big players don't follow. Seems to me policy requirements
>should be relaxed upon entry and rely upon out-of-band solutions to
>pick up where policy compliance left off. In the verified e-mail
>example, the RP can trust that certain OPs have supplied a verified
>e-mail while for others the User is shown "You're e-mail must be
>verified. Click here" but in both cases, the User is still allowed
>to choose their OP.
This is where it would be useful to specify multiple OP's; the first
can vouch for my Identity using passwords, the second with
biometrics, the third with smartcards - and then take it from there:
the fourth can vouch for my E-mail address (might as well be the
E-mail Provider, and it could do this out-of-band as you suggest),
the fifth can vouch for my clearance level (should be the
government), and so on; RP's then get to send the user to OP's that
match the credentials they desire.
-Shade
More information about the general
mailing list