[OpenID] New OP-MultiAuth Draft Published
Peter Williams
pwilliams at rapattoni.com
Mon Jan 19 00:44:13 UTC 2009
OpenID already has extensible methods for user->RP signaling: it's called the XRDS at the vanity URL (or the XRDs returned by XRI resolution). It's highly extensible.
As I indicated to David privately, I don't like the idea much of using the openid itself for signaling. In general, in the case of a vanity URI presented to the RP, nothing in the spec pre or post authentication assertion(s) assures the RP that the policy is an accurate representation of the user's desire. I don't like using openid's authN protocols aimed at identity claim validation for controlling what are presented as AuthZ requirements.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Paul Madsen
Sent: Sunday, January 18, 2009 2:42 PM
To: sappenin at gmail.com
Cc: specs at openid.net; general at openid.net List
Subject: Re: [OpenID] New OP-MultiAuth Draft Published
Hi David, your extension is an authentication policy declaration from the user to the RP.
PAPE allows the RP to declare its authentication policy to the OP (and vice versa).
I wonder if there is an opportunity for convergence?
Or at minimum a naming scheme that highlights the commonality ...... UAPE :-)
paul
David Fuelling wrote:
For anyone interested, I've put out a 2nd draft of my OP-MultiAuth idea. I think the first draft was pretty confusing, so hopefully this clarifies things a bit more.
Wiki Page: http://wiki.openid.net/OP-MultiAuth
Actual Draft: http://wiki.openid.net/f/openid-provider-multiauth-extension-1_0-2.html
In a nutshell, the idea here is to protect end-users against a "rogue OP" by providing a mechanism for a Claimed Identifier to mandate that an RP get valid auth assertions from two or more different OPs before giving access to RP-protected resources.
Thanks!
David
--
Paul Madsen
e:paulmadsen @ ntt-at.com
p:613-482-0432
m:613-282-8647
web:connectid.blogspot.com