[OpenID] Localhost OpenID
Pat Patterson
pat at superpat.com
Fri Dec 15 01:17:14 UTC 2006
Hi Xageroth,
I'm mainly lurking here, but occasionally something catches my eye...
Rabbit wrote:
> [...]
>
> And the only thing needed to make all that happen is a public key
> entered into the equation. I appreciate all this feedback btw.
>
Which pre-supposes a prior relationship between RP and IdP (oh, ok then,
'OP'), which is (as I understand things) counter to a design goal of OpenID.
And, to be honest, if you're going to muck with public keys, you might
as well go the whole hog and do SAML 2.0.
Looking at my YADIS-SAML demo
<http://blogs.sun.com/superpat/entry/yadis%2Fxri_identifier_resolution_with_saml>
from last week, you could have the SAML Metadata be somewhere on the
interweb with the SSO endpoints (i.e. <SingleSignOnService> - slide 13)
set to localhost. POST profile would work fine. I suspect Jeff'n'Scott's
SAML lightweight profile
<http://identitymeme.org/archives/2006/10/26/latest-revisions-of-saml-lsso-and-simplesign-specs/>
would take care of most of the details - you don't even need to do real
XML Signature.
Cheers,
Pat
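
The arrangement described in the message above (SAML metadata published anywhere, with the SSO endpoint pointing at localhost), as an added example that is not part of the original post. It shows how a relying party reading that metadata could list the <SingleSignOnService> endpoints and recognise a loopback location before choosing the POST binding. The entity ID, URLs and function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; entityID and endpoint URLs are made up.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.org/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="http://localhost:8080/sso"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def is_loopback(host):
    # True for "localhost", *.localhost, 127.0.0.0/8 and ::1.
    if not host:
        return False
    if host.lower() == "localhost" or host.lower().endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def sso_endpoints(metadata_xml):
    # The sample is trusted; use a hardened XML parser for fetched metadata.
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for el in root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", MD_NS):
        loc = el.get("Location", "")
        endpoints.append({"binding": el.get("Binding"), "location": loc,
                          "loopback": is_loopback(urlsplit(loc).hostname)})
    return endpoints

def post_endpoint(metadata_xml):
    # First endpoint offering the HTTP-POST binding, or None.
    for ep in sso_endpoints(metadata_xml):
        if ep["binding"] == POST_BINDING:
            return ep
    return None
```

With the POST binding the user's browser submits the form, so a loopback Location resolves on the user's own machine and not on the relying party's server.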