[OpenID] OpenId & Yadis Question

David Fuelling sappenin at gmail.com
Mon Feb 26 00:41:51 UTC 2007


> -----Original Message-----
> From: Lukas Rosenstock [mailto:inbox at lukasrosenstock.net]
> Sent: Sunday, February 25, 2007 4:44 PM
> To: David Fuelling
> Cc: yadis at lists.danga.com; general at openid.net
> Subject: Re: [OpenID] OpenId & Yadis Question
> 
> > A.) Is this the proper way to do delegation?  Above, gmail.com is
> > delegating
> > to sappenin.com.
> 
> No, it would say that sappenin.com is your OpenID server.
> For delegation, there is the separate openid:delegate-tag.
> 
> > B.) If a client gets the Yadis doc above (after navigating to
> gmail.com),
> > MUST they (or SHOULD they) navigate to sappenin.com and try to perform
> > discovery again?  If so, how many delegates are allowed?  Not specified?
> 
> There is only one step of delegation. The document at gmail.com must
> contain the OpenID-server in the URI tag so there is no need to do another
> Yadis discovery. Delegation is only a notification to the server to use
> another identifier instead of the one given by the user.
> 
> Example:
> <Service>
>   <Type>http://specs.openid.net/auth/2.0/server</Type>
>   <URI>https://sappenin.com/server.php</URI>
>   <openid:Delegate>https://sappenin.com/</openid:Delegate>
> </Service>

So, if the above Yadis doc were returned, but minus the openid:delegate
element, then the RP would use https://sappenin.com/server.php as the OP
URL, but would still use http://sappenin.gmail.com as the OpenId(?)

Also, isn't the end-user allowed to select the OpenId at the OP?  If so, then
is the URL in the openid:delegate tag just a 'hint' to the OP?  Or is it
required to be used?
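
Added example, not part of the original message and not code from any OpenID library: a sketch of the single-step resolution described in the quoted reply, where the RP takes the server from the URI tag and passes the delegate to it in place of the identifier the user gave. The namespace URIs, the XRDS envelope around the thread's Service element, and the names `resolve_service` and `demo` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed namespace URIs: XRD 2.0 and the OpenID 1.x Yadis extension.
NS = {"xrd": "xri://$xrd*($v*2.0)", "openid": "http://openid.net/xmlns/1.0"}

# Constructed sample: the Service element from the thread, wrapped in an XRDS envelope.
XRDS_TEMPLATE = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"
           xmlns:openid="http://openid.net/xmlns/1.0">
  <XRD>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://sappenin.com/server.php</URI>
      {delegate}
    </Service>
  </XRD>
</xrds:XRDS>"""

def resolve_service(claimed_id, xrds_text):
    """Resolve one Yadis document; no second discovery on the delegate URL."""
    # ElementTree is fine for this constructed input; an RP fetching remote
    # documents should use a parser hardened against entity expansion.
    root = ET.fromstring(xrds_text)
    for service in root.iterfind(".//xrd:Service", NS):
        uri = (service.findtext("xrd:URI", default="", namespaces=NS) or "").strip()
        if not uri:
            continue  # a Service without a URI cannot be used as an endpoint
        delegate = (service.findtext("openid:Delegate", default="", namespaces=NS) or "").strip()
        return {
            "claimed_id": claimed_id,               # what the user typed; the RP keeps this
            "op_endpoint": uri,                     # where the RP sends the request
            "op_identity": delegate or claimed_id,  # identifier presented to the server
        }
    raise ValueError("no Service element with a URI in the Yadis document")

def demo():
    claimed = "http://sappenin.gmail.com"
    tag = "<openid:Delegate>https://sappenin.com/</openid:Delegate>"
    with_delegate = resolve_service(claimed, XRDS_TEMPLATE.format(delegate=tag))
    without_delegate = resolve_service(claimed, XRDS_TEMPLATE.format(delegate=""))
    return with_delegate, without_delegate

if __name__ == "__main__":
    for result in demo():
        print(result)
```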




