[OpenID] OpenId & Yadis Question

Lukas Rosenstock inbox at lukasrosenstock.net
Sun Feb 25 23:43:52 UTC 2007


> A.) Is this the proper way to do delegation?  Above, gmail.com is  
> delegating
> to sappenin.com.

No, it would say that sappenin.com is your OpenID server.
For delegation, there is the separate openid:delegate-tag.

> B.) If a client gets the Yadis doc above (after navigating to gmail.com),
> MUST they (or SHOULD they) navigate to sappenin.com and try to perform
> discovery again?  If so, how many delegates are allowed?  Not specified?

There is only one step of delegation. The document at gmail.com must  
contain the OpenID-server in the URI tag so there is no need to do another  
Yadis discovery. Delegation is only a notification to the server to use  
another identifier instead of the one given by the user.

Example:
<Service>
  <Type>http://specs.openid.net/auth/2.0/server</Type>
  <URI>https://sappenin.com/server.php</URI>
  <openid:Delegate>https://sappenin.com/</openid:Delegate>
</Service>

Another way would be using an HTTP redirection at gmail.com to sappenin.com  
instead of delivering its own XRD document.

Regards,
  Lukas
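
The single-step resolution described in the reply above, as an added example that is not part of the original message: a relying party reads the server URI and the delegate from the one XRDS document and performs no second discovery. The XML namespaces, the `resolve` function and the sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed from the Yadis/XRDS and OpenID 1.x conventions.
NS = {"xrd": "xri://$xrd*($v*2.0)", "openid": "http://openid.net/xmlns/1.0"}
SERVER_TYPE = "http://specs.openid.net/auth/2.0/server"  # type used in the message

# Constructed XRDS document wrapping the <Service> element from the message.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
           xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://sappenin.com/server.php</URI>
      <openid:Delegate>https://sappenin.com/</openid:Delegate>
    </Service>
  </XRD>
</xrds:XRDS>"""


def resolve(claimed_id, xrds_text):
    """Resolve server and delegate from one document; no recursive discovery."""
    root = ET.fromstring(xrds_text)
    for svc in root.iterfind(".//xrd:Service", NS):
        types = [t.text.strip() for t in svc.findall("xrd:Type", NS) if t.text]
        if SERVER_TYPE not in types:
            continue  # not an OpenID service entry
        uri = svc.findtext("xrd:URI", default="", namespaces=NS).strip()
        if not uri.startswith(("https://", "http://")):
            continue  # no usable server endpoint in this entry
        delegate = svc.findtext("openid:Delegate", default="", namespaces=NS).strip()
        return {
            "claimed_id": claimed_id,             # identifier the user gave
            "server": uri,                        # where the auth request goes
            "server_id": delegate or claimed_id,  # identifier sent to the server
        }
    raise ValueError("no OpenID service found in XRDS document")


if __name__ == "__main__":
    print(resolve("http://gmail.com/", SAMPLE_XRDS))
```

The delegate is never fetched or rediscovered; it is only passed to the server named in the URI element. For documents fetched from untrusted hosts, parse with a hardened XML parser, since the standard-library parser is not secured against maliciously constructed input.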


