[OpenID] An alternative OpenID UX
Peter Williams
pwilliams at rapattoni.com
Thu Apr 16 00:33:52 UTC 2009
I have to admit in making n runs of openid auth per event I was thinking more of
Authority a does auth
Authority b does authz
Authority c does certified attribute x
Authoriy d does y
E does account recovery.
C may not even be the classical op. It may be a rp in charge of an rp-affiliate network, as in the saml websso model.
-----Original Message-----
From: SitG Admin <sysadmin at shadowsinthegarden.com>
Sent: Wednesday, April 15, 2009 5:00 PM
To: John Bradley <john.bradley at wingaa.com>
Cc: general at openid.net <general at openid.net>
Subject: Re: [OpenID] An alternative OpenID UX
>Though without some trust mechanism with the OPs I don't know that
>having two or three OPs say they have performed biometrical
>authentication of the user, is that much better than one.
Assume one is offline and another is malicious; for more detail, see
http://openid.net/pipermail/general/2009-January/007786.html
(Also note that multiple factors should be covered.)
-Shade
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list