[OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11

Ben Laurie benl at google.com
Sun Jan 21 08:29:50 UTC 2007


On 1/19/07, Dick Hardt <dick at sxip.com> wrote:
>
> On 19-Jan-07, at 6:19 AM, Ben Laurie wrote:
>
> >
> > Still totally unhappy about the phishing issues, which I blogged
> > about here:
> >
> > http://www.links.org/?p=187
>
> There are numerous ways of solving this. Several standard methods can
> solve it. It is a relationship between the user and the OP and the RP
> is not party, so I don't think it belongs in the OpenID
> Authentication specification.
>
> That does not mean it is not important, just that *this* spec is not
> the right place.

I think that's entirely wrong. The RP doesn't care at all about the OP
- all the RP cares about is the end user.

More importantly, I think I have a solution that will make both of us
happy, but I now have to go and ride my motorbike fast, so I'll detail
it later.



More information about the specs mailing list