PROPOSAL: RP identifier
Dick Hardt
dick at sxip.com
Sun Oct 22 20:01:28 UTC 2006
On 22-Oct-06, at 12:55 PM, Recordon, David wrote:
> In the case where there are two realms:
> http://*.livejournal.com
> http://dick.livejournal.com
>
> I would have my IdP treat them as separate relying parties. If the RP
> directly decided to set the realm differently, then I'd imagine the
> application has a reason for doing so. This is of course different
> than
> having a realm of http://*.livejournal.com and then a return_to of
> http://www.livejournal.com the first time and then
> http://dick.livejournal.com the second time, where my IdP would treat
> them as the same RP.
>
> So yes, RPs should be uniquely identified by the realm parameter.
I would agree with this. The spec does not specify that. Another
thing to add to the edit list?
-- Dick
More information about the specs
mailing list