[OpenID] EU regulators call for tighter privacy provisions on OpenID, Facebook (U)

Andrew Arnott andrewarnott at gmail.com
Fri Jun 19 04:19:24 UTC 2009


Hi Allen,

Scenario #1 RP uses checkid_immediate with directed identity: the OP uses
the last persona the user selected with that RP.  This makes sense when the
RP is using checkid_immediate to auto-login the user from their last session
and just wants to make sure the user is still signed into their OP.

Scenario #2 RP uses checkid_immediate with a claimed identifier the user has
logged into the RP previously: OP can tell from the claimed identifier which
persona is in use.  This assumes personas are tied to identifiers, which
they may not be.  In the more advanced case (which I am doubtful needs to be
supported) of having multiple personas that can be used with an individual
identifier (in order to manage which values for attributes to send) it gets
harder to give a solid answer.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Thu, Jun 18, 2009 at 8:40 PM, Allen Tom <atom at yahoo-inc.com> wrote:

> Hi Andrew -
>
> How is checkid_immediate supposed to work if a single account on the OP can
> have multiple OpenIDs on the RP?
>
> Allen
>
>
>  Andrew Arnott wrote:
>>> Contrast that to Yahoo supporting multiple personas: I'm logged into all
>>> of them at once, so no matter which RP I visit as a Yahoo! customer, Yahoo
>>> can implicitly log me into those RPs regardless of which claimed_id and/or
>>> persona from Yahoo I used to log in with them.
>
>
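
The two scenarios in the message above, written as OP-side logic in an added Python example (not part of the thread and not any OP's actual code). The `OpSession` model, its field names and the example.com URLs are assumptions made here, and answering `setup_needed` when one identifier maps to several personas is this example's choice for the case the message leaves open.

```python
from dataclasses import dataclass, field

NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = NS + "/identifier_select"  # directed identity marker


@dataclass
class OpSession:
    """Constructed model of a signed-in OP account (hypothetical)."""
    personas: dict                                 # persona name -> claimed identifier
    last_used: dict = field(default_factory=dict)  # RP realm -> persona last selected there
    approved: set = field(default_factory=set)     # (realm, persona) pairs already used


def resolve_immediate(session, request):
    """Answer a checkid_immediate request without user interaction."""
    if request.get("openid.mode") != "checkid_immediate":
        raise ValueError("not a checkid_immediate request")
    setup_needed = {"openid.ns": NS, "openid.mode": "setup_needed"}
    if session is None:  # user is not signed in at the OP
        return setup_needed
    realm = request["openid.realm"]
    claimed = request["openid.claimed_id"]
    if claimed == IDENTIFIER_SELECT:
        # Scenario #1: reuse the persona last selected with this RP.
        persona = session.last_used.get(realm)
    else:
        # Scenario #2: the claimed identifier names the persona, provided it
        # maps to exactly one persona already used with this RP.
        hits = [p for p, ident in session.personas.items()
                if ident == claimed and (realm, p) in session.approved]
        persona = hits[0] if len(hits) == 1 else None
    if persona is None:
        return setup_needed
    ident = session.personas[persona]
    # Signature, nonce and return_to fields of a real assertion are omitted.
    return {"openid.ns": NS, "openid.mode": "id_res",
            "openid.claimed_id": ident, "openid.identity": ident}


# Constructed sample data: "home" and "home-minimal" share one identifier.
RP = "https://rp.example.com/"
SAMPLE = OpSession(
    personas={"work": "https://op.example.com/u/work",
              "home": "https://op.example.com/u/home",
              "home-minimal": "https://op.example.com/u/home"},
    last_used={RP: "work"},
    approved={(RP, "work"), (RP, "home"), (RP, "home-minimal")})
```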