No subject


Tue Apr 24 11:52:11 UTC 2007


(according to and satisfying the Consumer's SSL key management policy)
the "final URL" is https://peteraccount.rapdata.com/ . This string,
furthermore, is the "final, canonicalized URL" (in the absence of an
openid.delegated link field value in the HTML document delivered over
https). This is thus the "End User's Identifier".

------------

Let's continue the thought experiment:-

Let's say that the openid.server link value is
https://login.rapmlsstg.com/sp/SsoHandler.aspx. We can note that this
URL has little formal relationship to the End User's Identifier
https://peteraccount.rapdata.com/

Nevertheless, the consumer can now expect to find an OP Provider
listener at that link value URL. If this is true, the consumer agent and
provider agent then engage in the "OpenID Authentication Protocol".

In the course of completing the protocol, the provider agent will
normally be required to perform BY MEANS BEYOND THE SCOPE OF OPENID AUTH
SPEC, user authentication - before it supplies the "cryptographic proof"
that a user controls the End User's Identifier. After following some
series of locally-defined redirects to a form-login page, users might
perform this by completing the action of typing in a correct
username/password combination.

Is there any flaw in my understanding, in any of the above?

Are the examples "complying"?
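
The discovery step described in the message above, as an added example that is not part of the original message or of any OpenID library. It uses the `openid.server` and `openid.delegate` link names from OpenID Authentication 1.1; the names `LinkCollector` and `discover`, the sample page, and the https-only policy are assumptions of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect openid.* <link rel=... href=...> values found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = a.get("href")
            # rel may hold several space-separated tokens; first match wins
            for rel in (a.get("rel") or "").lower().split():
                if href and rel.startswith("openid."):
                    self.links.setdefault(rel, href.strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(final_url, html):
    """Hypothetical helper: what a consumer learns from the page at final_url."""
    p = LinkCollector()
    p.feed(html)
    server = p.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link: not an OpenID identity page")
    # Assumed consumer policy: identifier and endpoint must both be https
    for url in (final_url, server):
        if urlsplit(url).scheme != "https":
            raise ValueError("non-https URL rejected: " + url)
    delegate = p.links.get("openid.delegate")
    return {
        "claimed_identifier": final_url,
        "op_endpoint": server,
        # what the provider is asked to vouch for (delegate if present)
        "identifier_at_provider": delegate or final_url,
    }

# Constructed sample page using the two URLs from the message
SAMPLE = """<html><head><title>Peter</title>
<link rel="openid.server" href="https://login.rapmlsstg.com/sp/SsoHandler.aspx">
</head><body></body></html>"""
```

Calling `discover("https://peteraccount.rapdata.com/", SAMPLE)` yields the endpoint on the unrelated host while the claimed identifier stays the final URL, which is the separation the message points out.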



