[OpenID] Wildcard realms and return URL verification discovery conflict

SitG Admin sysadmin at shadowsinthegarden.com
Wed Apr 8 06:02:02 UTC 2009


>But now consider Yahoo!, which performs the optional Return URL
>Verification step.  Per section 9.2.1 of the OpenID 2.0 spec, it will then
>attempt to perform discovery (for my RP's XRDS document) starting at
>https://www.example.org/

I have noticed this behavior, too (in a major OP other than Yahoo).

+1 to designing a solution for this into the spec.

-Shade



More information about the general mailing list