[OpenID] RP Discovery
Peter Williams
pwilliams at rapattoni.com
Fri Aug 31 18:50:11 UTC 2007
Can we amend that to now remove the restriction that the assertion be only about identity claims? Why cannot I put my extension in there, just like in the reverse flow?
-----Original Message-----
From: "Johnny Bufu" <johnny at sxip.com>
To: "Peter Williams" <pwilliams at rapattoni.com>
Cc: "Josh Hoyt" <josh at janrain.com>; "general at openid.net" <general at openid.net>
Sent: 8/31/07 11:02 AM
Subject: Re: [OpenID] RP Discovery
On 31-Aug-07, at 8:34 AM, Peter Williams wrote:
> (1) Is it clear yet whether an OP can just send an Auth response,
> without waiting to be asked?
10. Responding to Authentication Requests:
"Relying Parties SHOULD accept and verify assertions about
Identifiers for which they have not requested authentication. OPs
SHOULD use private associations for signing unsolicited positive
assertions."
Johnny
More information about the general
mailing list