[OpenID] RP Discovery
Johnny Bufu
johnny at sxip.com
Fri Aug 31 18:02:36 UTC 2007
On 31-Aug-07, at 8:34 AM, Peter Williams wrote:
> (1) Is it clear yet whether an OP can just send an Auth response,
> without waiting to be asked?
10. Responding to Authentication Requests:
"Relying Parties SHOULD accept and verify assertions about
Identifiers for which they have not requested authentication. OPs
SHOULD use private associations for signing unsolicited positive
assertions."
Johnny
More information about the general
mailing list