[OpenID] What's broken in OpenID 2.0? (IIW session)
Martin Atkins
mart at degeneration.co.uk
Thu May 10 20:11:28 UTC 2007
ydnar wrote:
> Could delegation be used for this purpose?
>
> <http://openid.net/specs/openid-authentication-1_1.html#delegating_authentication>
>
> Example:
>
> <link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
> <link rel="openid.delegate" href="http://openid.livejournal.com/482834734545">
>
In that scenario, RPs still use the claimed identifier (that is, not the
delegate identifier) as the "key". This is intentional to allow the
claimed identifier to be moved to another provider.

I imagine that a hypothetical "canonical identifier" scheme would look a
lot like delegation, but it'd use the target identifier as the key
instead. rel="openid.canonical" could be used for this purpose.

As far as I can fathom, using delegate and canonical at the same time
does not make sense and thus shouldn't be allowed. (Please correct me if
I'm wrong!)
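
The keying rule discussed in this message, as an added example that is not part of the original post or of any OpenID library. `resolve`, the sample pages and the claimed identifier `http://example.com/` are constructed for illustration; `openid.canonical` is the hypothetical rel proposed above, and treating its target as the identifier the provider verifies is an assumption.

```python
from html.parser import HTMLParser

class _OpenIDLinks(HTMLParser):
    """Collect <link rel="openid.*" href="..."> values from a discovery page."""
    def __init__(self):
        super().__init__()
        self.rels = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = (a.get("href") or "").strip()
        for rel in (a.get("rel") or "").lower().split():
            if rel.startswith("openid.") and href:
                self.rels.setdefault(rel, href)  # first occurrence wins

def resolve(claimed_id, html):
    """Return the server, the identifier the provider verifies, and the RP's account key."""
    parser = _OpenIDLinks()
    parser.feed(html)
    rels = parser.rels
    server = rels.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link found")
    delegate = rels.get("openid.delegate")
    canonical = rels.get("openid.canonical")  # hypothetical rel, not in any spec
    if delegate and canonical:
        # The post argues the two must not be combined, so fail closed.
        raise ValueError("openid.delegate and openid.canonical are mutually exclusive")
    if canonical:
        # Proposed scheme: the target identifier becomes the account key.
        return {"server": server, "verify": canonical, "key": canonical}
    # Delegation: the provider verifies the delegate, but the RP keys the
    # account on the claimed identifier so it can move between providers.
    return {"server": server, "verify": delegate or claimed_id, "key": claimed_id}

# Constructed sample input, reusing the link tags quoted in the message.
CLAIMED = "http://example.com/"
TARGET = "http://openid.livejournal.com/482834734545"
DELEGATED = (
    '<html><head>'
    '<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">'
    '<link rel="openid.delegate" href="' + TARGET + '">'
    '</head></html>'
)
CANONICAL = DELEGATED.replace("openid.delegate", "openid.canonical")
BOTH = DELEGATED.replace(
    "</head>", '<link rel="openid.canonical" href="' + TARGET + '"></head>')
```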