Please clarify 2.0 TOC 14 -- Re: RFC: Final outstanding issues with the OpenID 2.0 Authentication specification
Kevin Turner
kevin at janrain.com
Wed May 23 03:45:27 UTC 2007
On Fri, 2007-05-18 at 22:21 +0200, Boris Erdmann wrote:
> http://openid.net/specs/openid-authentication-2_0-11.html#anchor34
>
> Should the document be placed under
> http://relyingparty.com/ or http://relyingparty.com/return_to_url?
> or does it have to be link rel'ed in every page?
For the proposed check against realm forgery, you'll want to make sure
it's available at the URL given in the openid.realm parameter of your
checkid request. Josh is currently writing up the details on that.
For other uses, I think the answer is "it depends"; what are those uses?
Publishing it at return_to_url doesn't seem to be very useful, because
it's the return_to url that the seeker would be trying to discover.
That would be the equivalent of a sign saying "you are here" and nothing
more.
More information about the specs
mailing list