Yet Another Delegation Thread

Josh Hoyt josh at janrain.com
Thu Oct 26 18:59:39 UTC 2006


On 10/26/06, Dick Hardt <dick at sxip.com> wrote:
> On 26-Oct-06, at 8:27 AM, Josh Hoyt wrote:
> > Requiring this discovery adds another (redundant) HTTP request to the
> > authentication process, which takes time. I'd like to be able to
> > improve the "User Experience" by implementing an IdP that would verify
> > the binding occasionally, but not *every time* the user authenticates.
>
> I would assume that some caching of HTTP requests would be allowed
> depending on the HTTP headers sent by the site serving the portable
> identifier document. Since the IdP is likely involved in all identity
> transactions for the user, there would be many cache hits and the
> extra traffic not that significant. Note this is also a server to
> server request, which should be much less significant then client to
> server requests.

But if the IdP's cache does not match the RP's cache, there is a hole.

> It would seem this all boils down to optimizing one potential HTTP
> request.

What about http://openid.net/pipermail/specs/2006-October/000735.html ?

> Has anyone laid out how many requests happen in a transaction?

About 1000 ;)

Josh



More information about the specs mailing list