[OpenID] OpenId & Yadis Question
inbox at lukasrosenstock.net
Sun Feb 25 23:43:52 UTC 2007
> A.) Is this the proper way to do delegation? Above, gmail.com is
> to sappenin.com.
No, it would say that sappenin.com is your OpenID server.
For delegation, there is the seperate openid:delegate-tag.
> B.) If a client gets the Yadis doc above (after navigating to gmail.com),
> MUST they (or SHOULD they) navigate to sappenin.com and try to perform
> discovery again? If so, how many delegates are allowed? Not specified?
There is only one step of delegation. The document at gmail.com must
contain the OpenID-server in the URI tag so there is no need to do another
Yadis discovery. Delegation is only a notification to the server to use
another identifier instead of the one given by the user.
Another way would be using a HTTP redirection at gmail.com to sappenin.com
instead of delivering an own XRD document.
More information about the general