[step2] Re: OpenID Popup Extension - Draft 0
Allen Tom
atom at yahoo-inc.com
Mon Feb 16 20:41:27 UTC 2009
Probably the simplest thing would be to turn
AssocationHandle/Association into ConsumerKey/ConsumerSecret and require
the Auth request to be signed.
Allen
George Fletcher wrote:
>
>
> Maybe the OpenID 2.1 WG could take on "signed RP authn requests" :)
> Could probably just leverage 2-legged OAuth with the consumer
> token:secret representing the RP.
>
>
More information about the user-experience
mailing list