RE: [OpenID] identify RP when it gets OpenID URL

2007-10-23 Thread Manger, James H
I am keen for the RP to identify itself when it performs discovery – and I would love this feature to be in 2.0 before it is finalized. The proposal is very simple (to describe and to implement): RPs add a “From:” HTTP header field to HTTP requests made during the discovery phase. The

RE: [OpenID] identify RP when it gets OpenID URL

2007-10-17 Thread Manger, James H
:36 PM To: Manger, James H Cc: specs@openid.net Subject: Re: [OpenID] identify RP when it gets OpenID URL Wouldn't User-Agent: be equivalent, and have prior art (feed readers such as Bloglines identify themselves via User-Agent)? Manger, James H wrote: … “The Relying Party MUST include

Re: [OpenID] identify RP when it gets OpenID URL

2007-10-17 Thread James Henstridge
On 17/10/2007, Manger, James H [EMAIL PROTECTED] wrote: Other solutions: OPs can offer different authentication mechanisms based on the openid.return_to or openid.realm parameter in an authentication request. However, the user has less flexibility when they have to relying on OPs. If the

Re: [OpenID] identify RP when it gets OpenID URL

2007-10-17 Thread Johnny Bufu
On 16-Oct-07, at 7:58 PM, Manger, James H wrote: Use case: Alice wants to use different OPs for different RPs, while keeping the same URL (eg http://alice.example.net/). For instance, when logging into a service hosting her backups she wants to use an OP that requires a one-time

RE: [OpenID] identify RP when it gets OpenID URL

2007-10-17 Thread Manger, James H
PAPE may be another approach (to support per-user per-RP login policies). It certainly will not always be “cleaner”. It is not a reason against enabling a discovery-based approach. This PAPE suggestion requires the RP and OP to implement what the user wants. A discovery-based approach only