[OpenID] direct communication and HTTP authentication
Torsten Lodderstedt
torsten at lodderstedt.net
Fri Mar 5 07:11:54 UTC 2010
Hi all,
I'm investigating ways to reliably authenticate RPs in scenarios with
strong coupling between RP and OP.
My question to the list is: Does it contradict the OpenId 2.0 spec if a
OP requires HTTP authentication (e.g. BASIC authentication) on direct
communication requests? The idea is to only establish an association if
the RP is authenticated and authorized.
Thanks in advance,
Torsten.
More information about the general
mailing list