PROPOSAL: RP identifier
Dick Hardt
dick at sxip.com
Thu Oct 19 07:51:09 UTC 2006
On 19-Oct-06, at 12:29 AM, Martin Atkins wrote:
> Dick Hardt wrote:
>>
>> The IdP needs a unique identifier for the RP.
>> openid.realm is a wild card that could match multiple RPs.
>
> This was by design. An RP that is exposing multiple "RP endpoints"
> within the same realm is explicitly saying that it needs/wants them all
> to be treated the same.
>
> Part of this design is the ability for the RP to move the "RP endpoint"
> to a different URL without breaking all existing relationships, which is
> an important requirement in the real world where people often expose
> their underlying architecture in their URLs and then have to break the
> URLs when the architecture changes.
>
> The realm (assuming that this is what used to be called trust_root) is
> what you should be using, and *allowing* that to match multiple RP
> endpoints is okay and desirable.

Agreed that it is desirable to have multiple RP endpoints for an RP.
Does openid.realm then uniquely identify an RP? i.e., no other RP will
use the same realm?
-- Dick
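
Added example, not part of the original message: a sketch of how an IdP could test a return_to URL against openid.realm, showing that one realm covers several distinct RP endpoints. It assumes the matching rules later published in the Realms section of OpenID Authentication 2.0; the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(url):
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(),
            u.port or DEFAULT_PORTS.get(scheme), u.path or "/", u.fragment)

def realm_matches(realm, return_to):
    """True if return_to lies inside realm: same scheme and port, host equal
    (or under the "*." wildcard), path equal to or below the realm path."""
    wildcard = "://*." in realm
    try:
        r_scheme, r_host, r_port, r_path, r_frag = _parts(
            realm.replace("://*.", "://", 1))
        t_scheme, t_host, t_port, t_path, _ = _parts(return_to)
    except ValueError:  # malformed port or authority
        return False
    if r_frag or r_scheme not in DEFAULT_PORTS or not r_host:
        return False  # a realm carries no fragment and must be http(s)
    if (r_scheme, r_port) != (t_scheme, t_port):
        return False
    if t_host != r_host and not (wildcard and t_host.endswith("." + r_host)):
        return False
    # Compare on a path-segment boundary so /app does not cover /application.
    prefix = r_path if r_path.endswith("/") else r_path + "/"
    return t_path == r_path or t_path.startswith(prefix)

# Constructed sample data, not taken from the thread.
REALM = "https://*.example.com/"
RETURN_TOS = [
    "https://www.example.com/openid/finish",       # endpoint on one host
    "https://blog.example.com/login/return",       # second endpoint, same realm
    "https://www.example.com:8443/openid/finish",  # different port
    "http://www.example.com/openid/finish",        # different scheme
    "https://example.com.other.test/openid/finish",  # suffix is not the realm host
]

def endpoints_in_realm(realm, urls):
    """Every return_to URL an IdP would treat as belonging to this realm."""
    return [u for u in urls if realm_matches(realm, u)]

if __name__ == "__main__":
    for url in endpoints_in_realm(REALM, RETURN_TOS):
        print("in realm:", url)
```

Two different endpoints on different hosts fall inside the same realm here, so the realm identifies a set of endpoints rather than a single one.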