You can have the user authenticate to the OAuth provider via OpenID if it is a condition of the grant :)

That may be the best way to do it anyway depending on how the app is configured.

John B.
On 2009-10-15, at 12:00 PM, Anthony Brassac wrote:

Thanks all for your replies. OAuth looks like it could do it for us; however, it seems management had agreed upon using OpenID (research grant related, I think), so I'll have to see what gives. Anyway, I appreciate your support.

On Wed, Oct 14, 2009 at 1:47 AM, SitG Admin <[email protected]> wrote:

Users giving their passwords to RPs is what OpenID is trying to prevent.
That is why passwords are not supported in the redirect.

Hmm . . . minor clarification here, though: users giving passwords *their passwords for the OP* (or otherwise transmitting "in the clear") is not compatible with OpenID.

If the RP wants to ask for another password (one local to that system), e.g. for rarely invoked high levels of access, it *might* be compatible with OpenID (depends on the exact use, but isn't automatically NOT compatible).

The description Anthony gave sounds vaguely like Kerberos (from the MIT dialogue), but my mind is stuffed full of other things right now and I get a bit of a headache just getting some meaning out of roughly half of it (the rest seems beyond me tonight).

-Shade

_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security

