On Apr 7, 2008, at 5:22 PM, Aristotle Pagaltzis wrote:
Hi Ashley,
* Ashley <[EMAIL PROTECTED]> [2008-04-07 20:10]:
http://search.cpan.org/dist/Catalyst-Authentication-Credential-OpenID/
is there any way to tell which OpenID provider was used for a
particular credential? F.ex. a company might use OpenID as its
SSO mechanism, by setting up an OpenID provider for employees, in
which case an internal app might want to grant extra trust to
OpenIDs from that provider (or reject IDs from other providers
altogether).
OK, in this particular example you could get away with accepting
only OpenIDs of a particular form. But delegation is an integral
part of OpenID and in other similar scenarios on the open web it
would be interesting to know the provider, not just the identity.
A quick skim of Net::OpenID::Consumer does not reveal a way to
get at this, however… is there?
That is intriguing. I see Tatsuhiko already mentioned the
identity_server() method in Net::OpenID::ClaimedIdentity.
Another thing that could be caught is the spec level of the
authentication. Unsure where (or if it's already there) but
should be doable.
The OpenID store I am planning to write could catch/contain
these things. How to tie it in to increased/reduced trust
then? Just in the app? Inline in the realm with "roles" for
providers? Perhaps-
$c->assert_roles("https://trusted-provider.org")
Then things like a tree...
if $c->check_roles("https://supertrust.net")
    # you get everything
elsif $c->check_roles("http://okiedokey.com")
    # you're pretty cool
elsif $c->user_exists and $c->user->"generic_OpenID"
    # you're allowed to vote and all but not XYZ
else
    $c->res->body("Oh, hai. I can haz sign-in?")
Very cool idea.
-Ashley
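
The provider-based trust tiers discussed in this message, as an added example that is not code from the thread or from any of the modules it mentions. It assumes the caller already holds the provider endpoint URL of a successfully verified identity (for instance the value identity_server() returned); `provider_origin`, `trust_tier` and the tier names are hypothetical, and the hostnames are the ones from the sketch above.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;
use URI;

# Constructed allowlist: exact provider origin => trust tier.
my %TIER_FOR_ORIGIN = (
    'https://supertrust.net:443'       => 'full',
    'https://trusted-provider.org:443' => 'elevated',
);

# Reduce a provider endpoint URL to "scheme://host:port".
# Returns undef for anything that is not a plain http(s) URL.
sub provider_origin {
    my ($endpoint) = @_;
    return unless defined $endpoint && length $endpoint;
    my $uri    = URI->new($endpoint)->canonical;
    my $scheme = $uri->scheme // '';
    return unless $scheme eq 'http' || $scheme eq 'https';
    return if defined $uri->userinfo;    # refuse "trusted-host@other-host" forms
    my $host = $uri->host;
    return unless defined $host && length $host;
    return sprintf '%s://%s:%d', $scheme, lc $host, $uri->port;
}

# Map an endpoint to a tier by exact origin match. Anything not on the
# allowlist, including an http:// downgrade of a listed host, is 'generic'.
sub trust_tier {
    my ($endpoint) = @_;
    my $origin = provider_origin($endpoint) or return 'generic';
    return $TIER_FOR_ORIGIN{$origin} // 'generic';
}

# Constructed sample endpoints, including look-alikes that a prefix or
# substring comparison would wrongly accept.
for my $endpoint (
    'https://supertrust.net/openid/server',
    'HTTPS://Trusted-Provider.org/auth',
    'http://supertrust.net/openid/server',
    'https://supertrust.net.example.com/server',
    'https://supertrust.net@example.com/server',
) {
    printf "%-45s => %s\n", $endpoint, trust_tier($endpoint);
}
```

Only the first two sample endpoints receive a tier above `generic`; the comparison is on the parsed origin, never on the raw string.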