<div>Hello,</div>
<div> </div>
<div>I'm studying the possibility of using OpenId.</div>
<div> </div>
<div>My organization's site has hundreds of registered users. Everyone there will have an OpenId: "<a href="http://username.mysite.org">username.mysite.org</a>".</div>
<div> </div>
<div>My first purpose is to provide Single Sign On for external sites, proving that those users belong to my organization.</div>
<div> </div>
<div>But I also want people already having an openid to use it at my site, without the need of having another password.</div>
<div> </div>
<div>Therefore, each user, besides the OpenId provided by my site, can register, at his site's account, one or more external OpenIds.</div>
<div> </div>
<div>When a user accesses my site he can be authenticated either by username / Password or by one of his external openids.</div>
<div> </div>
<div>When a user accesses a site which is using mine for Single Sign On purposes, he can only enter the default OpenID, provided by my site. This second site then connects to my OpenID server -- where the user can use any of his registered OpenIds to authenticate himself.
</div>
<div> </div>
<div>This process is something like:</div>
<div> </div>
<div>User enters "<a href="http://username.mysite.org">username.mysite.org</a>" --> the consumer connects to my server --> my server might have, for this user, an external OpenID defined --> the user chooses this OpenId ---> My server sends the request to other server --> this second server replies Ok ---> my server then replies Ok to the consumer.
</div>
<div> </div>
<div>Is this a valid OpenID model? </div>
<div> </div>
<div>Are there other ways allowing a consumer to know that a certain OpenId belongs to a valid user at my site, although its OpenId's server is elsewhere?</div>
<div> </div>
<div> </div>
<div>Thank you,</div>
<div> </div>
<div> </div>
<div>Miguel</div>