PROPOSAL: RP identifier

Dick Hardt dick at sxip.com
Thu Oct 19 07:51:09 UTC 2006


On 19-Oct-06, at 12:29 AM, Martin Atkins wrote:

> Dick Hardt wrote:
>>
>> The IdP needs a unique identifier for the RP.
>> openid.realm is a wild card that could match multiple RPs.
>
> This was by design. An RP that is exposing multiple "RP endpoints"
> within the same realm is explicitly saying that it needs/wants them all
> to be treated the same.
>
> Part of this design is the ability for the RP to move the "RP endpoint"
> to a different URL without breaking all existing relationships, which is
> an important requirement in the real world where people often expose
> their underlying architecture in their URLs and then have to break the
> URLs when the architecture changes.
>
> The realm (assuming that this is what used to be called trust_root) is
> what you should be using, and *allowing* that to match multiple RP
> endpoints is okay and desirable.

Agreed that it is desirable to have multiple RP endpoints for an RP.
Does openid.realm then uniquely identify an RP? i.e. no other RP will
use the same Realm?

-- Dick
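
The wildcard behaviour discussed in this thread, as an added example that is not part of the original message or of any OpenID library: a realm check an IdP could run against `return_to` URLs. It assumes the realm matching rules as published in the final OpenID Authentication 2.0 specification, which postdates this message; the host names and the function names `realm_matches` and `endpoints_in_realm` are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(url):
    """Split a URL into (scheme, host, port, path, fragment), filling defaults."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    return scheme, u.hostname or "", port, u.path or "/", u.fragment

def realm_matches(realm, return_to):
    """True if return_to falls inside realm (assumed OpenID 2.0 rules)."""
    wildcard = "://*." in realm
    r_scheme, r_host, r_port, r_path, r_frag = _parts(realm.replace("://*.", "://", 1))
    t_scheme, t_host, t_port, t_path, _ = _parts(return_to)
    # A realm must be an http(s) URL with a host and no fragment.
    if r_frag or r_scheme not in DEFAULT_PORTS or not r_host:
        return False
    # Scheme and port must be identical.
    if (r_scheme, r_port) != (t_scheme, t_port):
        return False
    if wildcard:
        # "*.example.com" covers example.com and any host below it.
        if not (t_host == r_host or t_host.endswith("." + r_host)):
            return False
    elif t_host != r_host:
        return False
    # The realm path must equal return_to's path or be a parent directory of it.
    if t_path == r_path:
        return True
    prefix = r_path if r_path.endswith("/") else r_path + "/"
    return t_path.startswith(prefix)

def endpoints_in_realm(realm, return_to_urls):
    """Return the endpoints an IdP keyed on realm would treat as one RP."""
    return [u for u in return_to_urls if realm_matches(realm, u)]

# Constructed sample endpoints: two sites under one domain, one look-alike host.
SAMPLE_ENDPOINTS = [
    "http://shop.example.com/openid/return",
    "http://blog.example.com/login/finish",
    "http://badexample.com/openid/return",
]

if __name__ == "__main__":
    # Both example.com endpoints share the realm; the look-alike host does not.
    print(endpoints_in_realm("http://*.example.com/", SAMPLE_ENDPOINTS))
```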


