[OpenID] HTML markup for discovery in OpenId 2.0

Martin Atkins mart at degeneration.co.uk
Sat Oct 27 18:18:19 UTC 2007


Tony Locke wrote:
> Thanks for that Jack, I'll put the four separate <link> tags in to
> support both versions.
> 
> I'm still not clear on why the server needs to be given on the claimed
> id page. Can't the Relying Party just do discovery on the OP-Local
> Identifier to find the OP Endpoint URL?
> 

That's an optimisation, so that the RP can save at least one HTTP 
request. It also allows the OP-local identifier to be an unresolvable 
URI, such as an email address or any other token, since only the OP ever 
sees it. (AOL could, for example, allow aim:ScreenName-type URIs. They 
don't, but there's nothing technically stopping them from doing so.)

An OP using such an identifier would only ever be usable through 
"delegation", of course, but that's pretty much the default mode of 
operation these days anyway. Including the OP-local identifier is 
recommended even if it's the same as the claimed identifier.
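
The HTML-based discovery discussed in this thread, sketched from the Relying Party's side as an added example that is not part of the original message. It reads the four <link> rel values (openid2.provider, openid2.local_id, openid.server, openid.delegate) from the claimed identifier page; the function name, URLs and sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# rel token -> (protocol version, field) for the four discovery <link> tags
REL_MAP = {
    "openid2.provider": ("2.0", "endpoint"),
    "openid2.local_id": ("2.0", "local_id"),
    "openid.server": ("1.1", "endpoint"),
    "openid.delegate": ("1.1", "local_id"),
}

class _HeadLinks(HTMLParser):
    """Collects discovery links, but only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {"2.0": {}, "1.1": {}}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            # rel is a space-separated token list, e.g. "openid2.provider openid.server"
            for token in (a.get("rel") or "").lower().split():
                if token in REL_MAP and href:
                    version, field = REL_MAP[token]
                    self.found[version].setdefault(field, href)  # first one wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """Return endpoint and OP-local identifier, preferring 2.0 over 1.1."""
    parser = _HeadLinks()
    parser.feed(html)
    for version in ("2.0", "1.1"):
        info = parser.found[version]
        if "endpoint" in info:
            # The local id is never fetched by the RP, so it need not resolve;
            # if the page omits it, the claimed identifier is used instead.
            return {"version": version, "endpoint": info["endpoint"],
                    "claimed_id": claimed_id,
                    "local_id": info.get("local_id", claimed_id)}
    return None

# Constructed sample page: the four tags, with an unresolvable OP-local id.
SAMPLE_PAGE = """<html><head>
<link rel="openid2.provider" href="https://op.example.net/endpoint">
<link rel="openid2.local_id" href="aim:ScreenName">
<link rel="openid.server" href="https://op.example.net/endpoint">
<link rel="openid.delegate" href="aim:ScreenName">
</head><body>claimed identifier page</body></html>"""
```

Because the endpoint is on the claimed identifier page, the RP needs no second discovery request on the OP-local identifier, which is only passed through to the OP.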




