On 17/10/2007, Manger, James H <[EMAIL PROTECTED]> wrote: > Other solutions: > > OPs can offer different authentication mechanisms based on the > openid.return_to or openid.realm parameter in an authentication request. > However, the user has less flexibility when they have to relying on OPs.
If the primary aim is just to let the user set a policy on how carefully they should be authenticated when talking to particular RPs, why wouldn't this alternative be appropriate? You are trading complexity at the OP end for complexity at the discovery/delegation end. Or are you trying to address a slightly different problem? Maybe one of: 1. using an OP that is not publicly accessible for certain operations 2. using an RP that will only authenticate people using a particular OP. James. _______________________________________________ specs mailing list firstname.lastname@example.org http://openid.net/mailman/listinfo/specs