• JoeMontayna@lemmy.ml · 1 upvote · 2 days ago

    If I am understanding this correctly, I guess the only problem I see with that is both entities need to trust that the user is indeed being truthful and not sharing a token. I think a system with a neutral third party that takes a token from the identity provider and a token from the website, validates them and sends a result. Or maybe that is what you said.

    • Alaknár@sopuli.xyz · 1 upvote · 2 days ago

      Yeah, that’s essentially what I meant. The validation could happen much like with PGP keys and passwords.