There seemed to be consensus that being able to "bookmark" an RP at the IdP was a useful feature for users.

The IdP would send a discovery_identifier to the RP's entry point where it is expecting to get a POST from the login form. OpenID Authentication then proceeds as normal. (This provides the bare response functionality that I had proposed.)

In order for the IdP to do this, it needs to know the login_url. There are a few choices:

1) the RP sends a login_url to the IdP in the authorization request message
2) the RP sends the login_url in the associate message
3) the RP can send a separate direct message to an IdP it has not seen containing the login_url
4) the IdP can discover the login_url from the RP (this would require there to be a defined entry point for the RP)

(1)&(2) increase the payload in the messages, but no new communication

(3) may only have to be done once, but the RP needs to manage state for the IdP, and the IdP has to remember it.

(4) we need to define where the entrypoint is for the RP, which is essentially what this parameter is all about -- perhaps we can define this entry_point and use it for bookmark login and other commands to the RP?

Preference, comments?

Should this be an extension or in the main spec?

-- Dick
