[OpenID] Question regarding the OpenID Information Cards 1.0
Peter Williams
pwilliams at rapattoni.com
Mon Sep 3 22:00:13 UTC 2007
http://www.daml.org/meetings/2005/04/pi/Business_Use.pdf page 36 has a category of growth based on discovery related issues, in the evolving S/WEB (a name which kinda follows spock's S/MIME, S/WAN pattern!).
For now, I'm going to place OpenID's innovations in WebSSO --- reliance on URL discovery (applying secure name resolution) -- into the "discovery" bucket in the first chart. They size the overall space at $2.7B to 2010 (just 2.2 years left).
My question is: how does the RP know that the OP has "authentication authority" over the asserted User URL. In the original protocol, the OP was pointed by an element contained in the HTML document referenced by the identity URL, that is, the owner of the URL delegated the authentication to the OP by defining the address of the OP. However, in the "OpenID Information Cards" this protocol step is absent.
What forbids me of creating an OP that asserts any identity URL that I want?
Thanks.
Pedro Felix
More information about the general
mailing list