[OpenID] What does Sxipper do?

Bob Wyman bob at wyman.us
Tue Jan 23 16:58:53 UTC 2007

On 1/23/07, Ben Laurie <benl at google.com> wrote:
> Nothing happens? Or Sxipper thinks it's a new OP?

My apologies if this is a dumb question, but why would it ever make sense
for code like Sxipper to believe any RP's statements about the location of
the OP? It seems to me that the real value of a "chrome" solution is that it
has complete knowledge of who are valid OPs. A properly built chrome
solution should never communicate with an alleged OP that it hadn't
previously been configured to work with. Establishing a relationship between
a client and an OP should, I think, require a relatively "heavy-weight"
process which is distinct from all other web interactions and is never done
as a side-effect of interaction with any site... Binding to an OP should be
a "special" process.

In fact, with a little bit of intelligence in the client, it seems to me
that the client wouldn't even ever have to let the RP know the precise URL
that the client uses to talk to its OP. (i.e. The RP would send a redirect
to the client, the client would look at the address and say: "thank you very
much, but I'm going to this other secret address instead..." )  So, the RP
might tell my client to go login at http://example.com/login, but what my
client will really do is login at
https://example.com/login/specialprivateplace/ or even
https://someplacecompletelydifferent.com/  (Also, note that in that example,
the RP says go to http:/... but the client actually goes to https:/...) If
you've got intelligence in the client, all sorts of things are possible. You
could even use various key-based systems to identify the OP, encrypt things
so that only the real OP can read them, etc.

BTW: OpenID provides a means for OP and RP to establish a secure
association. Why doesn't it do the same for OP and Client?

bob wyman
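
The client-side behaviour proposed in the message above, sketched as an added example (not part of the original post and not Sxipper's code). The names `PINNED_OPS` and `resolveOpEndpoint` are hypothetical, and carrying over only the `openid.*` query parameters is an assumption of this sketch.

```javascript
// Added illustration. The pinned table is filled only by an explicit,
// separate "bind to OP" step, never as a side effect of visiting an RP.
const PINNED_OPS = new Map([
  // host an RP is expected to name -> endpoint the client really uses
  // (values taken from the example in the message)
  ["example.com", "https://example.com/login/specialprivateplace/"],
]);

function resolveOpEndpoint(rpSuppliedUrl, pinned = PINNED_OPS) {
  let claimed;
  try {
    claimed = new URL(rpSuppliedUrl);
  } catch {
    return { action: "block", reason: "unparseable OP URL" };
  }
  if (claimed.protocol !== "http:" && claimed.protocol !== "https:") {
    return { action: "block", reason: "unsupported scheme" };
  }
  // Exact host match only: no suffix or substring matching, so
  // "example.com.evil.test" and "example.com@evil.test" never match.
  const pinnedEndpoint = pinned.get(claimed.hostname.toLowerCase());
  if (!pinnedEndpoint) {
    return { action: "block", reason: "OP not configured: " + claimed.hostname };
  }
  // Go to the client's own endpoint. Only the openid.* parameters are
  // taken from the RP's URL; its scheme, host and path are discarded.
  const target = new URL(pinnedEndpoint);
  for (const [key, value] of claimed.searchParams) {
    if (key.startsWith("openid.")) target.searchParams.append(key, value);
  }
  return { action: "go", url: target.toString() };
}
```
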