On 16-Oct-07, at 7:58 PM, Manger, James H wrote: > Use case: Alice wants to use different OPs for different RPs, while > keeping the same URL (eg http://alice.example.net/). For instance, > when logging into a service hosting her backups she wants to use an > OP that requires a one-time password from a hardware token for each > access. However, when leaving comments on blogs Alice wants to > authenticate using an OP that only requires a password and uses a > persistent cookie so she only has to log in once a day.
I believe there's a cleaner way to address this, that would not complicate the things that Alice needs to know about the inner workings of OpenID (and without her having to use different identities for different purposes): The PAPE-enabled backup service requests that the OP authenticates Alice in a manner compliant with certain policies, that are satisfactory to Alice's security requirements for a backup service. Johnny _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs