Question: multiple IdPs?

Recordon, David drecordon at verisign.com
Thu Oct 19 04:38:46 UTC 2006


Sorry, pointer to Josh's email?

Yeah, the XML file can be based elsewhere.  Might be worth a quick skim
of the Yadis spec (http://yadis.org/papers/yadis-v1.0.pdf)  Only three
pages, section six, which talks about this.

--David 

-----Original Message-----
From: Dick Hardt [mailto:dick at sxip.com] 
Sent: Thursday, October 19, 2006 12:12 AM
To: Recordon, David
Cc: Drummond Reed; specs at openid.net
Subject: Re: Question: multiple IdPs?

Agreed that it is a power user that wants multiple IdPs, but per Josh's
email. someone can't use OpenID 2.0 unless they do this. I think that is
a very common use case.

Can the meta-tag point to an XML file on another site? (sorry for being
lazy and not figuring it out myself)

(multiple IdP support would lead the user to want to have created their
own XML file)

-- Dick

On 18-Oct-06, at 9:05 PM, Recordon, David wrote:

> Upload an XML file and add a meta-tag which points to it...
>
> Somehow I doubt that someone who can't do that will really be 
> interested in the use case you described.  In any case, it is 
> surprising what people can do when following "Internet tutorials".
>
> --David
>
> -----Original Message-----
> From: Dick Hardt [mailto:dick at sxip.com]
> Sent: Thursday, October 19, 2006 12:01 AM
> To: Recordon, David
> Cc: Drummond Reed; specs at openid.net
> Subject: Re: Question: multiple IdPs?
>
> Forgive my lack of Yadis configuration expertise, but is this 
> something that your average blogger can add to their WP or MT blog?
>
> -- Dick
>
> On 18-Oct-06, at 7:28 AM, Recordon, David wrote:
>
>> At that point then I'd argue that the feature shouldn't be supported;

>> Yadis was developed to handle use cases like this.  While HTML-based 
>> Discovery is certainly easier, I'm happy not adding to it beyond what

>> was in 1.1 and telling people to use Yadis when they need something 
>> more complex.  I think that is a good balance between light-weight 
>> discovery and features.
>>
>> --David
>>
>> -----Original Message-----
>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On 
>> Behalf Of Dick Hardt
>> Sent: Wednesday, October 18, 2006 3:27 AM
>> To: Drummond Reed
>> Cc: specs at openid.net
>> Subject: Re: Question: multiple IdPs?
>>
>> Thanks Drummond, but what if I am using HTML-based discovery?  
>> (that is
>
>> what I am going to use in my vanity domain, much easier to implement)
>>
>> http://openid.net/specs/openid-authentication-2_0-10.html#html_disco
>>
>> -- Dick
>>
>> On 17-Oct-06, at 11:46 PM, Drummond Reed wrote:
>>
>>> In the directed identity case, the IdP URL or XRI you give to the RP

>>> resolves to your IdP's XRDS document. Each of your IdPs would have a

>>> different one. If they support directed identity, each would have a 
>>> Service with a Type tag value of 
>>> http://openid.net/identifier_select/2.0. This service endpoint would

>>> not have an OpenID:Delegate tag (or if it does the spec should be 
>>> clear that it is ignored for this service type) since this service 
>>> provides directed identity authentication for everyone at that IdP.
>>>
>>> =Drummond
>>>
>>> -----Original Message-----
>>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On 
>>> Behalf Of Dick Hardt
>>> Sent: Tuesday, October 17, 2006 11:25 PM
>>> To: specs at openid.net
>>> Subject: Question: multiple IdPs?
>>>
>>> I would like to use different IdPs for my vanity URL, blame.ca.  
>>> In an
>
>>> OpenID 2.0 world, I can provide either of my IdP URLs to the RP and 
>>> then select blame.ca and login.
>>>
>>> Does this work? What having two openid.server tags suffice? How 
>>> would
>
>>> the RP know which delegate tag goes with which IdP? The spec is not 
>>> silent on this.
>>>
>>> ( and yes, another argument for having one identifier so that the RP

>>> does not have to figure out anything about the delegate tag since it

>>> does not do anything with it anyway!)
>>>
>>> -- Dick
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>>
>>>
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>>
>
>
>





More information about the specs mailing list