Discussion: bookmark login url discovery

Recordon, David drecordon at verisign.com
Sun Oct 15 19:14:56 UTC 2006


At this point I'd really like to see it as an extension.  We're a week
past when we said we were going to have a final draft and it doesn't
seem like there is general consensus on how this feature should work. 

--David

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Dick Hardt
Sent: Saturday, October 14, 2006 10:14 PM
To: specs at openid.net
Subject: Discussion: bookmark login url discovery

There seemed consensus that being able to "bookmark" an RP at the IdP
was a useful feature for users.

The IdP would send a discovery_identifier to the RP's entry point where
it is expecting to get a POST from the login form.
OpenID Authentication then proceeds as normal. (This provides the bare
response functionality that I had proposed.)

In order for the IdP to do this, it needs to know the login_url.  
There are a few choices:

1) the RP sends a login_url to the IdP in the authorization request
message
2) the RP sends the login_url in the associate message
3) the RP can send a separate direct message to an IdP it has not seen
containing the login_url
4) the IdP can discover the login_url from the RP (this would require
there to be a defined entry point for the RP)

(1)&(2) increase the payload in the messages, but no new communication

(3) may only have to be done once, but the RP needs to manage state for
the IdP, and the IdP has to remember it.

(4) we need to define where the entry point is for the RP, which is
essentially what this parameter is all about -- perhaps we can define
this entry_point and use it for bookmark login and other commands to the
RP?

Preference, comments? Should this be an extension or in the main spec?

-- Dick
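
Option (1) from the message above, sketched from the IdP's side as an added example (not part of the original thread and not OpenID spec text): the IdP keeps a `login_url` carried in an authentication request only when it sits under that request's realm, then builds the bookmark POST carrying `discovery_identifier`. The `openid.realm`, `openid.login_url` and `openid.discovery_identifier` field names, the realm check and the helper names are assumptions for illustration.

```python
from urllib.parse import urlencode, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(p):
    # (scheme, host, port) with default port filled in; .port raises ValueError if malformed
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

def under_realm(url, realm):
    """True if url shares the realm's origin and its path is at or below the realm's path.
    Wildcard realms are not handled in this sketch."""
    try:
        u, r = urlsplit(url), urlsplit(realm)
        if u.scheme not in DEFAULT_PORTS or u.username or u.fragment:
            return False
        if _origin(u) != _origin(r):
            return False
    except ValueError:
        return False
    if ".." in u.path.split("/"):
        return False
    base = r.path if r.path.endswith("/") else r.path + "/"
    return (u.path + "/").startswith(base)

class BookmarkStore:
    """IdP-side record of RP entry points, keyed by (user, realm)."""
    def __init__(self):
        self._urls = {}

    def record(self, user, request):
        """Keep login_url from an authentication request only if it passes the realm check."""
        realm = request.get("openid.realm", "")
        login_url = request.get("openid.login_url", "")  # assumed field name
        if not login_url or not under_realm(login_url, realm):
            return False
        self._urls[(user, realm)] = login_url
        return True

    def bookmark_post(self, user, realm, identifier):
        """(url, form body) for the POST the RP's login form endpoint expects, or None."""
        url = self._urls.get((user, realm))
        if url is None:
            return None
        return url, urlencode({"openid.discovery_identifier": identifier})  # assumed field name

# Constructed sample requests (not taken from the thread)
GOOD = {"openid.realm": "https://rp.example/", "openid.login_url": "https://rp.example/openid/login"}
BAD = {"openid.realm": "https://rp.example/", "openid.login_url": "https://rp.example.other.test/login"}
```
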
