Question: multiple IdPs?
Recordon, David
drecordon at verisign.com
Wed Oct 18 14:28:12 UTC 2006
At that point then I'd argue that the feature shouldn't be supported;
Yadis was developed to handle use cases like this. While HTML-based
Discovery is certainly easier, I'm happy not adding to it beyond what
was in 1.1 and telling people to use Yadis when they need something more
complex. I think that is a good balance between light-weight discovery
and features.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Dick Hardt
Sent: Wednesday, October 18, 2006 3:27 AM
To: Drummond Reed
Cc: specs at openid.net
Subject: Re: Question: multiple IdPs?
Thanks Drummond, but what if I am using HTML-based discovery? (that is
what I am going to use in my vanity domain, much easier to implement)
http://openid.net/specs/openid-authentication-2_0-10.html#html_disco
-- Dick
On 17-Oct-06, at 11:46 PM, Drummond Reed wrote:
> In the directed identity case, the IdP URL or XRI you give to the RP
> resolves to your IdP's XRDS document. Each of your IdPs would have a
> different one. If they support directed identity, each would have a
> Service with a Type tag value of
> http://openid.net/identifier_select/2.0. This service endpoint would
> not have an OpenID:Delegate tag (or if it does the spec should be
> clear that it is ignored for this service type) since this service
> provides directed identity authentication for everyone at that IdP.
>
> =Drummond
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of Dick Hardt
> Sent: Tuesday, October 17, 2006 11:25 PM
> To: specs at openid.net
> Subject: Question: multiple IdPs?
>
> I would like to use different IdPs for my vanity URL, blame.ca. In an
> OpenID 2.0 world, I can provide either of my IdP URLs to the RP and
> then select blame.ca and login.
>
> Does this work? What having two openid.server tags suffice? How would
> the RP know which delegate tag goes with which IdP? The spec is not
> silent on this.
>
> ( and yes, another argument for having one identifier so that the RP
> does not have to figure out anything about the delegate tag since it
> does not do anything with it anyway!)
>
> -- Dick
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list