OP Delegation

Page history last edited by David Fuelling 3 years, 1 month ago

Description

This page exists to track information relating to the OpenID Provider Delegation Extension 1.0. 

Proposal Abstract

This document specifies an extension to OpenID Authentication 2.0 Discovery. This extension allows an end-user to delegate authority over a particular OpenID Identifier to different OpenID Providers (OPs), depending on certain characteristics of a Relying Party and/or certain characteristics of an OpenID transaction.

This extension specifies three categories under which Identifier authority can be delegated: Service, Class, and Domain. For example, an Identifier might specify a different authoritative OP depending on the Service (e.g., OpenID 2.0, OAuth, and others); the RP Domain (*.example.com); or a pre-defined service Class (e.g., one OP for single-factor auth, and another OP when two-factor auth is required).

By providing OpenID Identifiers with the ability to specify multiple OPs based on particular characteristics of each OpenID transaction, users will be able to utilize the best OP for any particular OpenID transaction.

Discussion Points (TBD)

  1.   

Document Repository

 

Document | Version | Notes
openid-provider-delegation-extension-1_0-1.html | Draft 1_1 | First Draft

 
