Question: multiple IdPs?

Dick Hardt dick at sxip.com
Thu Oct 19 04:46:27 UTC 2006 

Thanks!

On 18-Oct-06, at 9:38 PM, Recordon, David wrote:

> Sorry, pointer to Josh's email?
>
> Yeah, the XML file can be based elsewhere.  Might be worth a quick  
> skim
> of the Yadis spec (http://yadis.org/papers/yadis-v1.0.pdf)  Only three
> pages, section six, which talks about this.
>
> --David
>
> -----Original Message-----
> From: Dick Hardt [mailto:dick at sxip.com]
> Sent: Thursday, October 19, 2006 12:12 AM
> To: Recordon, David
> Cc: Drummond Reed; specs at openid.net
> Subject: Re: Question: multiple IdPs?
>
> Agreed that it is a power user that wants multiple IdPs, but per  
> Josh's
> email. someone can't use OpenID 2.0 unless they do this. I think  
> that is
> a very common use case.
>
> Can the meta-tag point to an XML file on another site? (sorry for  
> being
> lazy and not figuring it out myself)
>
> (multiple IdP support would lead the user to want to have created  
> their
> own XML file)
>
> -- Dick
>
> On 18-Oct-06, at 9:05 PM, Recordon, David wrote:
>
>> Upload an XML file and add a meta-tag which points to it...
>>
>> Somehow I doubt that someone who can't do that will really be
>> interested in the use case you described.  In any case, it is
>> surprising what people can do when following "Internet tutorials".
>>
>> --David
>>
>> -----Original Message-----
>> From: Dick Hardt [mailto:dick at sxip.com]
>> Sent: Thursday, October 19, 2006 12:01 AM
>> To: Recordon, David
>> Cc: Drummond Reed; specs at openid.net
>> Subject: Re: Question: multiple IdPs?
>>
>> Forgive my lack of Yadis configuration expertise, but is this
>> something that your average blogger can add to their WP or MT blog?
>>
>> -- Dick
>>
>> On 18-Oct-06, at 7:28 AM, Recordon, David wrote:
>>
>>> At that point then I'd argue that the feature shouldn't be  
>>> supported;
>
>>> Yadis was developed to handle use cases like this.  While HTML-based
>>> Discovery is certainly easier, I'm happy not adding to it beyond  
>>> what
>
>>> was in 1.1 and telling people to use Yadis when they need something
>>> more complex.  I think that is a good balance between light-weight
>>> discovery and features.
>>>
>>> --David
>>>
>>> -----Original Message-----
>>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
>>> Behalf Of Dick Hardt
>>> Sent: Wednesday, October 18, 2006 3:27 AM
>>> To: Drummond Reed
>>> Cc: specs at openid.net
>>> Subject: Re: Question: multiple IdPs?
>>>
>>> Thanks Drummond, but what if I am using HTML-based discovery?
>>> (that is
>>
>>> what I am going to use in my vanity domain, much easier to  
>>> implement)
>>>
>>> http://openid.net/specs/openid-authentication-2_0-10.html#html_disco
>>>
>>> -- Dick
>>>
>>> On 17-Oct-06, at 11:46 PM, Drummond Reed wrote:
>>>
>>>> In the directed identity case, the IdP URL or XRI you give to  
>>>> the RP
>
>>>> resolves to your IdP's XRDS document. Each of your IdPs would  
>>>> have a
>
>>>> different one. If they support directed identity, each would have a
>>>> Service with a Type tag value of
>>>> http://openid.net/identifier_select/2.0. This service endpoint  
>>>> would
>
>>>> not have an OpenID:Delegate tag (or if it does the spec should be
>>>> clear that it is ignored for this service type) since this service
>>>> provides directed identity authentication for everyone at that IdP.
>>>>
>>>> =Drummond
>>>>
>>>> -----Original Message-----
>>>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
>>>> Behalf Of Dick Hardt
>>>> Sent: Tuesday, October 17, 2006 11:25 PM
>>>> To: specs at openid.net
>>>> Subject: Question: multiple IdPs?
>>>>
>>>> I would like to use different IdPs for my vanity URL, blame.ca.
>>>> In an
>>
>>>> OpenID 2.0 world, I can provide either of my IdP URLs to the RP and
>>>> then select blame.ca and login.
>>>>
>>>> Does this work? What having two openid.server tags suffice? How
>>>> would
>>
>>>> the RP know which delegate tag goes with which IdP? The spec is not
>>>> silent on this.
>>>>
>>>> ( and yes, another argument for having one identifier so that  
>>>> the RP
>
>>>> does not have to figure out anything about the delegate tag  
>>>> since it
>
>>>> does not do anything with it anyway!)
>>>>
>>>> -- Dick
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at openid.net
>>>> http://openid.net/mailman/listinfo/specs
>>>>
>>>>
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>>
>>>
>>
>>
>>
>
>
>

More information about the specs mailing list