openid.ui.mode for embedded devices
Allen Tom
atom at yahoo-inc.com
Thu Feb 18 17:49:17 UTC 2010
Hi Hitoshi -
Some sites require users to enter both a password and a 1 time use token
(like a SecurID/RSA/VeriSign token) or a short code that's sent to the
user's cell phone.
Additionally, some sites authenticate users with a client side cert or using
Information Card.
Allen
On 2/18/10 8:09 AM, "Hitoshi Uchida" <hitoshi.uchida at gmail.com> wrote:
> Hi Allen,
>
> Thank you for your comment.
>
>> Although users generally authenticate with their OpenID Provider using a
>> username/password, the OpenID spec does not require users to have passwords.
>> OpenID currently requires users to have browsers so that users can
>> authenticate using other methods besides a password.
>
> I think, for instance, you mean a use case using PAPE because OP may
> use CAPTCHA to authenticate the user in addition to username/password.
> And also, web browser would be needed for rich user interface for
> login page.
> However, concerning other method besides a password you mentioned, I
> think almost of 'real' OP actually authenticate users by using only
> username/password.
More information about the user-experience
mailing list