Server-to-server channel
Anders Feder
lists.anders at feder.dk
Tue Apr 3 23:06:49 UTC 2007
Wayne Pierce wrote:
> When I update my information at a new OP how about some way to tell
> the RP it is the most authoritative. Not sure if this should be taken
> care of at the application or protocol level, I'd like to see it in
> the protocol though. The big concern I see with this is that anyone
> could set up an OP and claim to be the most authoritative source of
> information.
I agree completely. Currently, if my OP turns rogue or otherwise fails to
serve me, I'm left with no recourse. A bullet-proof way of dealing with
this would be with digital signatures, though I sense some aversion to
PKI in the OpenID community.
> The OP could tell the user if there was a failure. This way the user
> can notify the RP or at least be aware of the problem. Not perfect,
> but it could be treated just like a bounced email or DNS update
> failure.
Yes, this is probably how it will be handled and it will work. I just
think there will be corner cases where the user is not able to 'change
course' in time. And handling corner cases sets excellent technology
apart from very good technology - but it will work.
Regards,
Anders Feder