[OpenID] Localhost OpenID

Martin Atkins mart at degeneration.co.uk
Wed Dec 13 22:30:23 UTC 2006


Rabbit wrote:
> On 12/13/06, Daniel E. Renfer <Duck at kronkltd.net> wrote:
>> First off, the problem with using localhost as your identity is the RP
>> and OP have to be able to resolve 'localhost' to be the same IP
>> address.
> 
> First of all, why?
> 
> Secondly, the user and OP in my case are both the same and both
> localhost already so they'll both resolve fine. The only party
> excluded from talking to the identity provider directly is the RP, but
> the RP doesn't need to talk directly to the identity provider. The RP
> only needs to ensure the identity resource is the same and that is
> signed on behalf of the user. The location of the resource, or for
> that matter being able to directly retrieve it rather than having it
> passed along, is irrelevant.
> 

While I guess you could in theory dream up another system where this 
isn't the case, the OpenID protocol as currently specified requires the 
RP to retrieve the identifier URL, and thus the identifier URL must be 
accessible to the RP.

The RP must also communicate directly with the IdP to do the key 
exchange, so the IdP too must be accessible to the RP.
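
An added illustration of the point above, not part of the original message and not taken from any OpenID library: an RP-side pre-check showing that a `localhost` identifier, resolved on the RP's machine, names the RP's own loopback rather than the user's host. The function names, the sample resolver table and its addresses are constructed for this example, and the private/link-local rejection generalizes beyond the loopback case discussed in the thread.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name table standing in for what the RP's resolver returns.
SAMPLE_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "openid.example.org": ["93.184.216.34"],
    "intranet.example.org": ["10.0.0.5"],
}

def sample_resolve(host):
    """Offline resolver over SAMPLE_DNS (hypothetical helper)."""
    if host not in SAMPLE_DNS:
        raise OSError("no such host: " + host)
    return SAMPLE_DNS[host]

def system_resolve(host):
    """Resolve a host name the way the RP's own machine would."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def rp_reachability(identifier, resolve=system_resolve):
    """Classify a claimed identifier URL from the RP's point of view.

    Returns (ok, reason). ok is False when the RP could not fetch the
    user's document at that URL, so discovery cannot succeed.
    """
    parts = urlsplit(identifier)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "not an http(s) URL"
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            return False, "host does not resolve from the RP"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if ip.is_loopback:
            return False, "resolves to the RP's own loopback"
        if ip.is_private or ip.is_link_local:
            return False, "resolves to a non-public address"
    return True, "fetchable by the RP"
```

Running such a check before the discovery fetch also keeps a user-supplied identifier from steering the RP's HTTP client at its own loopback services.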



