<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">You can have the user authenticate to the oAuth provider via openID if it is a condition of the grant:)<div><br></div><div>That may be the best way to do it anyway depending on how the app is configured.</div><div><br></div><div>John B.<br><div><div>On 2009-10-15, at 12:00 PM, Anthony Brassac wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Thanks all for your replies, oAuth looks like it could do it for us, however it seems management had agreed upon using OpenID (research grant related I think), so I'll have to see what gives. Anyway, I appreciate your support.<br>
<br><div class="gmail_quote">On Wed, Oct 14, 2009 at 1:47 AM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Users giving there passwords to RPs is what openID is trying to prevent.<br>
That is why passwords are not supported in the redirect.<br>
</blockquote>
<br></div>
Hmm . . . minor clarification here, though: users giving passwords *their passwords for the OP* (or otherwise transmitting "in the clear") is not compatible with OpenID.<br>
<br>
If the RP wants to ask for another password (one local to that system), e.g. for rarely invoked high levels of access, it *might* be compatible with OpenID (depends on the exact use, but isn't automatically NOT compatible).<br>
<br>
The description Anthony gave sounds vaguely like Kerberos (from the MIT dialogue), but my mind is stuffed full of other things right now and I get a bit of a headache just getting some meaning out of roughly half of it (the rest seems beyond me tonight).<br>
<br>
-Shade<div><div></div><div class="h5"><br>
_______________________________________________<br>
security mailing list<br>
<a href="mailto:security@lists.openid.net" target="_blank">security@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-security" target="_blank">http://lists.openid.net/mailman/listinfo/openid-security</a><br>
</div></div></blockquote></div><br>
</blockquote></div><br></div></body></html>