[OpenID] OpenID provider with gibberish identity URLs to avoid nickname change issues

Recordon, David drecordon at verisign.com
Wed May 30 15:26:22 UTC 2007


>> Second, the OpenID 1.1 specification does not allow for returning
>> a different identifier than the one that was requested.
>
> What part of the spec prevents it? I don't see anywhere that says
> the Verified Identifier must be the same as the Claimed Identifier.

This is my opinion as well with OpenID 1.1, though in practice we found
it not to work very well.  I need to do some more testing around it, but
we ended up not seeing it as viable with current 1.1 deployments. :-\

--David

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Rowan Kerr
Sent: Wednesday, May 30, 2007 6:07 AM
To: openid-general
Subject: Re: [OpenID] OpenID provider with gibberish identity URLs to
avoid nickname change issues

On 29-May-07, at 2:44 PM, Josh Hoyt wrote:
> There are two problems with trying to do this with OpenID 1.1. First,
> you can't do the redirection on a per-relying-party basis, because you
> don't know who the relying party is when they request the identity
> URL.

It could possibly be worked into the "discovery" step since that
requires following redirects ... if the RP set a referrer header
when it made the discovery request, the OP could leverage that.


> Second, the OpenID 1.1 specification does not allow for returning
> a different identifier than the one that was requested.

What part of the spec prevents it? I don't see anywhere that says
the Verified Identifier must be the same as the Claimed Identifier.


> Support for directed identity is one of the key features of OpenID
> 2.0. If you implement OpenID 2.0, your users will enter the URL for
> your provider, and the provider will get a request for identifier
> selection. It's up to the provider and the user at that point to
> choose or generate a URL to send in the response.

I agree that this would be the preferred way to do it.

-Rowan

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
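
The OpenID 2.0 identifier-selection exchange described in the thread, as an added example that is not part of the original messages: the relying party sends the `identifier_select` value, and accepts the provider-chosen URL only if discovery on that URL names the asserting provider. The `op.example` and `victim.example` URLs, the function names and the discovery table are constructed for illustration; signature and nonce verification are assumed to have already passed.

```python
from urllib.parse import urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"


def build_identifier_select_request(op_endpoint, return_to, realm):
    """RP -> OP: ask the provider to choose the identifier (directed identity)."""
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    return op_endpoint + "?" + urlencode(params)


def accept_assertion(response, discover):
    """RP side: accept an OP-chosen identifier only if discovery on that
    identifier names the asserting OP. Signature and nonce checks are
    assumed to have passed already and are out of scope here."""
    if response.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    claimed_id = response["openid.claimed_id"]
    if claimed_id == IDENTIFIER_SELECT:
        raise ValueError("OP did not select an identifier")
    # Discovery on the returned URL, not on what the user typed.
    endpoint, local_id = discover(claimed_id)
    if endpoint != response["openid.op_endpoint"]:
        raise ValueError("OP is not authoritative for " + claimed_id)
    if local_id != response["openid.identity"]:
        raise ValueError("identity does not match discovered local identifier")
    return claimed_id


# Constructed discovery results standing in for fetching each identity URL:
# claimed identifier -> (OP endpoint, OP-local identifier).
DISCOVERY = {
    "https://op.example/id/x7Qp2k":
        ("https://op.example/server", "https://op.example/id/x7Qp2k"),
    "https://victim.example/":
        ("https://other-op.example/server", "https://victim.example/"),
}


def fake_discover(url):
    """Hypothetical offline stand-in for real discovery."""
    return DISCOVERY[url]
```
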