openid.delegate explained.
Martin Atkins
mart at degeneration.co.uk
Wed Oct 4 20:27:08 UTC 2006
Dick Hardt wrote:
>
> The RP needs to resolve the identifier to check who is authoritative
> for it.
>
> If you create a mechanism for how to resolve who owns
> "mailto:me at mydomain.com", then it works.
>
> That functionality is needed to prevent any IdP from being
> authoritative for an arbitrary URI.
>
> -- Dick
The public URI is still resolvable by the RP as is necessary.
But the RP never uses the openid.delegate value; it simply passes it on
to the IdP where the IdP can then do what it likes with it. In
LiveJournal's case, it's simply a regex to see if it matches
http://([a-z0-9\-]+).livejournal.com/, which could easily be
mailto:([a-z0-9\-]+)@livejournal.com, or anything else.
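
As an added illustration (not part of the original message, and not LiveJournal's code), a sketch of the IdP-side handling described above, where the IdP maps the openid.delegate value it receives to a local account by pattern. The function names, the escaped dots and full-string anchoring, and the comparison with the logged-in user are assumptions of this sketch.

```python
import re

# Assumption: this IdP serves identities shaped like the two forms named in the
# message above. Dots are escaped, and fullmatch() anchors both ends so that
# nothing may precede or follow the identity (including a trailing newline).
DELEGATE_PATTERNS = (
    re.compile(r"http://([a-z0-9\-]+)\.livejournal\.com/"),
    re.compile(r"mailto:([a-z0-9\-]+)@livejournal\.com"),
)


def local_user_for_delegate(delegate):
    """Return the local account named by openid.delegate, or None if not ours."""
    for pattern in DELEGATE_PATTERNS:
        match = pattern.fullmatch(delegate)
        if match:
            return match.group(1)
    return None


def idp_may_assert(delegate, logged_in_user):
    """Hypothetical policy: assert only for the account the IdP authenticated."""
    user = local_user_for_delegate(delegate)
    return user is not None and user == logged_in_user


if __name__ == "__main__":
    # Constructed sample values, not taken from any real request.
    samples = [
        "http://frank.livejournal.com/",
        "mailto:frank@livejournal.com",
        "http://frank.livejournalXcom/",
        "http://other.example/?http://frank.livejournal.com/",
    ]
    for value in samples:
        print(repr(value), "->", local_user_for_delegate(value))
```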