[OpenID] OpenId & Yadis Question

David Fuelling sappenin at gmail.com
Mon Feb 26 00:52:56 UTC 2007


> There is only one step of delegation. The document at gmail.com must
> contain the OpenID-server in the URI tag so there is no need to do another
> Yadis discovery. Delegation is only a notification to the server to use
> another identifier instead of the one given by the user.
> 
> Example:
> <Service>
>   <Type>http://specs.openid.net/auth/2.0/server</Type>
>   <URI>https://sappenin.com/server.php</URI>
>   <openid:Delegate>https://sappenin.com/</openid:Delegate>
> </Service>
> 

Just thinking about this some more....shouldn't the 'Type' above be
'http://specs.openid.net/auth/2.0/signon' instead?  It seems like if an RP
got ' http://specs.openid.net/auth/2.0/server', then the user should be
allowed to select his/her OpenId at the OP located in the URI
(https://sappenin.com/server.php).

Agree?


> Another way would be using a HTTP redirection at gmail.com to sappenin.com
> instead of delivering an own XRD document.
> 
> Regards,
>   Lukas




More information about the general mailing list