A session negotiator controls the allowed and preferred association
types and association session types. Both the consumer and the server
use negotiators when creating associations.
You can create and use negotiators if you:
- Do not want to do Diffie-Hellman key exchange because you use transport-layer encryption (e.g. SSL)
- Want to use only SHA-256 associations
- Do not want to support plain-text associations over a non-secure channel
It is up to you to set a policy for what kinds of associations to accept. By default, the library will make any kind of association that is allowed in the OpenID 2.0 specification.
Use of negotiators in the library
When a consumer makes an association request, it calls
Auth_OpenID_SessionNegotiator::getAllowedType() to get the preferred association type and
association session type.
The server gets a request for a particular association/session type
and calls Auth_OpenID_SessionNegotiator::isAllowed() to determine if it
should create an association. If it is supported, negotiation is
complete. If it is not, the server calls
Auth_OpenID_SessionNegotiator::getAllowedType() to get an allowed
association type to return to the consumer.
If the consumer gets an error response indicating that the
requested association/session type is not supported by the server,
and that response contains an association/session type to try, it calls
Auth_OpenID_SessionNegotiator::isAllowed() to determine if it should try again with the given
combination of association/session type.
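The three steps above, as a standalone PHP model added here for illustration (it is not the library's code). ExampleNegotiator and negotiate() are hypothetical names, and the policies are constructed samples that use the OpenID 2.0 type names.

```php
<?php
// Standalone model of the negotiation steps described above.
// ExampleNegotiator and negotiate() are hypothetical names, not the library's API.
final class ExampleNegotiator
{
    private $allowed; // ordered [assoc_type, session_type] pairs, most preferred first

    public function __construct(array $allowed) { $this->allowed = $allowed; }

    public function isAllowed($assocType, $sessionType)
    {
        return in_array([$assocType, $sessionType], $this->allowed, true);
    }

    public function getAllowedType()
    {
        return $this->allowed ? $this->allowed[0] : [null, null];
    }
}

// Returns the agreed [assoc_type, session_type] pair, or null if none is acceptable.
function negotiate(ExampleNegotiator $consumer, ExampleNegotiator $server)
{
    list($assoc, $session) = $consumer->getAllowedType();      // consumer's preferred pair
    if ($assoc === null) {
        return null;
    }
    if ($server->isAllowed($assoc, $session)) {                // server policy check
        return [$assoc, $session];
    }
    list($assoc, $session) = $server->getAllowedType();        // pair named in the error response
    if ($assoc !== null && $consumer->isAllowed($assoc, $session)) {
        return [$assoc, $session];                             // consumer retries with it
    }
    return null;                                               // policies do not overlap
}

// Constructed sample policies using OpenID 2.0 type names.
$sha256Server = new ExampleNegotiator([['HMAC-SHA256', 'DH-SHA256']]);
$mixedConsumer = new ExampleNegotiator([['HMAC-SHA1', 'DH-SHA1'], ['HMAC-SHA256', 'DH-SHA256']]);
$sha1Consumer = new ExampleNegotiator([['HMAC-SHA1', 'DH-SHA1']]);
$plainConsumer = new ExampleNegotiator([['HMAC-SHA256', 'no-encryption']]);

foreach (['mixed' => $mixedConsumer, 'sha1-only' => $sha1Consumer, 'plain' => $plainConsumer] as $name => $c) {
    $result = negotiate($c, $sha256Server);
    echo $name, ': ', $result ? implode('/', $result) : 'no association', "\n";
}
```

Against the SHA-256-only server policy, the SHA-1-only and plain-text consumers end with no association rather than a downgraded one, while the mixed consumer accepts the server's counter-offer.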
Copyright: 2005-2008 Janrain, Inc.
Author: JanRain, Inc. firstname.lastname@example.org
Located at zp-extensions/federated_logon/Auth/OpenID/Association.php