>> <span class="Apple-style-span" style="border-collapse: collapse; ">I believe case #2 can be addressed in the OpenID UI Extension, using a special flag or mode that an RP can pass to the OP to indicate that checkid_setup should be interactive, even if the user had previously approved automatic login for the RP</span><div>
<span class="Apple-style-span" style="border-collapse: collapse;">Good point.</span></div><div><span class="Apple-style-span" style="border-collapse: collapse;"><br></span><br><div class="gmail_quote">On Tue, Jul 7, 2009 at 12:34 PM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">Eric Sachs wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The higher priority requests we get in this area are to support things like (1) forcing the user to change their password (such as in cases where the RP is pretty sure the user's credentials have been stolen) and (2) forcing the user to re-confirm they want their identity shared with the RP even if previously asked for this to be done automatically.<br>
<br>
</blockquote></div>
I believe case #2 can be addressed in the OpenID UI Extension, using a special flag or mode that an RP can pass to the OP to indicate that checkid_setup should be interactive, even if the user had previously approved automatic login for the RP.<br>
<font color="#888888">
<br>
Allen<br>
<br>
</font></blockquote></div><br></div>