[OpenID] Scheme in OP-Local ID
Peter Williams
pwilliams at rapattoni.com
Thu Sep 6 19:56:45 UTC 2007
> The claimed_id has only one form - the normalized one.
>
>
> Johnny
[Peter Williams] if the claimed_id that comes back in check_id response
is not octet-identical to the normalized user input value (in the
solicited auth flow of OpenID Auth), shall one perform a new round of
discovery in the check_id resp verification logic (both dumb and
intelligent varieties)?
I'd expect the result of discovery performed against this claimed_id to
identify amongst its HTML/XRDS OPs the exact URL of the OP selected
earlier from the discovery against the normalized user input value. I'd
expect to issue a validation-exception as an RP if this condition cannot
be affirmed.
We cannot make the assumption that XRDS metadata for normalized user
input URL will be identical with the XRDS metadata for the claimed_id in
the check_id response
More information about the general
mailing list