[OpenID] What does Sxipper do?

Dick Hardt dick at sxip.com
Tue Jan 23 18:09:36 UTC 2007


On 23-Jan-07, at 8:58 AM, Bob Wyman wrote:

> On 1/23/07, Ben Laurie <benl at google.com> wrote:
> > Nothing happens? Or Sxipper thinks it's a new OP?
> My apologies if this is a dumb question, but why would it ever make  
> sense for code like Sxipper to believe any RP's statements about the  
> location of the OP? It seems to me that the real value of a  
> "chrome" solution is that it has complete knowledge of who are  
> valid OPs. A properly built chrome solution should never  
> communicate with an alleged OP that it hadn't previously been  
> configured to work with. Establishing a relationship between a  
> client and an OP should, I think, require a relatively "heavy-weight"  
> process which is distinct from all other web interactions  
> and is never done as a side-effect of interaction with any site...  
> Binding to an OP should be a "special" process.
>
> In fact, with a little bit of intelligence in the client, it seems  
> to me that the client wouldn't even ever have to let the RP know  
> the precise URL that the client uses to talk to its OP. (i.e. The  
> RP would send a redirect to the client, the client would look at  
> the address and say: "thank you very much, but I'm going to this  
> other secret address instead..." )  So, the RP might tell my client  
> to go login at http://example.com/login, but what my client will  
> really do is login at https://example.com/login/specialprivateplace/  
> or even https://someplacecompletelydifferent.com/  (Also, note that in that  
> example, the RP says go to http:/... but the client actually goes  
> to https:/...) If you've got intelligence in the client, all sorts  
> of things are possible. You could even use various key based  
> systems to identify the OP, encrypt things so that only the real OP  
> can read them, etc.

Sxipper works this way.

-- Dick
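
The client-side rule described in the quoted message (only talk to OPs configured in advance, and substitute the client's own endpoint for whatever the RP names), as an added example that is not part of the original thread and is not Sxipper's code. The names `PINNED_OPS` and `resolveOpRedirect` and the host `op.example.org` are hypothetical; the other URLs are the ones used in the message.

```javascript
// Constructed sample configuration: OPs the user bound to out of band.
// Keys are hosts an RP might name; values are the endpoints the client
// really uses. `op.example.org` is a hypothetical host.
const PINNED_OPS = new Map([
  ["example.com", "https://example.com/login/specialprivateplace/"],
  ["op.example.org", "https://someplacecompletelydifferent.com/"],
]);

// Given the URL an RP redirected the browser to, return the URL the client
// should visit instead, or null if the RP named an OP the client was never
// configured to work with.
function resolveOpRedirect(rpSuppliedUrl, pinned = PINNED_OPS) {
  let claimed;
  try {
    claimed = new URL(rpSuppliedUrl);
  } catch {
    return null; // unparseable redirect target
  }
  if (claimed.protocol !== "http:" && claimed.protocol !== "https:") return null;
  if (claimed.username || claimed.password) return null; // reject user@host forms

  // URL.hostname is already lower-cased; strip a trailing root dot.
  const host = claimed.hostname.replace(/\.$/, "");
  const endpoint = pinned.get(host);
  if (!endpoint) return null; // unknown OP: binding is never a side effect

  const target = new URL(endpoint);
  if (target.protocol !== "https:") return null; // pinned endpoint must use TLS

  // Carry over only the OpenID protocol parameters. The RP's scheme, path,
  // fragment and any other query keys are discarded.
  for (const [key, value] of claimed.searchParams) {
    if (key.startsWith("openid.")) target.searchParams.append(key, value);
  }
  return target.toString();
}
```

A `null` result means the client should stop and tell the user, not fall back to the RP-supplied address.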