Question: multiple IdPs?
Dick Hardt
dick at sxip.com
Wed Oct 18 07:26:56 UTC 2006
Thanks Drummond, but what if I am using HTML-based discovery? (that
is what I am going to use in my vanity domain, much easier to implement)
http://openid.net/specs/openid-authentication-2_0-10.html#html_disco
-- Dick
On 17-Oct-06, at 11:46 PM, Drummond Reed wrote:
> In the directed identity case, the IdP URL or XRI you give to the RP
> resolves to your IdP's XRDS document. Each of your IdPs would have a
> different one. If they support directed identity, each would have a
> Service
> with a Type tag value of http://openid.net/identifier_select/2.0. This
> service endpoint would not have an OpenID:Delegate tag (or if it
> does the
> spec should be clear that it is ignored for this service type)
> since this
> service provides directed identity authentication for everyone at
> that IdP.
>
> =Drummond
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf
> Of Dick Hardt
> Sent: Tuesday, October 17, 2006 11:25 PM
> To: specs at openid.net
> Subject: Question: multiple IdPs?
>
> I would like to use different IdPs for my vanity URL, blame.ca. In an
> OpenID 2.0 world, I can provide either of my IdP URLs to the RP and
> then select blame.ca and login.
>
> Does this work? What having two openid.server tags suffice? How would
> the RP know which delegate tag goes with which IdP? The spec is not
> silent on this.
>
> ( and yes, another argument for having one identifier so that the RP
> does not have to figure out anything about the delegate tag since it
> does not do anything with it anyway!)
>
> -- Dick
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
More information about the specs
mailing list