[OpenID] Scheme in OP-Local ID

Jack jack at jackpot.uk.net
Sat Sep 8 10:41:58 UTC 2007


Johnny Bufu wrote:
> 
>> Any two of these might be byte-for-byte identical, but they are 
>> different things - because the claimed_id is validated, and neither
>>  of the others is (and sadly, the one the user relies on is one of 
>> the two that aren't validated - the user-supplied id.)
> 
> How do you define "relies"?
> 
> As far as the user is concerned it can be said that there is only 
> one: OpenID Identifier. The fact that they enter example.com and 
> http://example.com/ gets validated shouldn't matter to them. In the 
> 'user input' text box they are equivalent.

It might be possible to say that, but it doesn't seem really to be so.

The user enters "usersblog.example.com" in the RP's login form, and is
then asked to confirm they want to authenticate as
"http://user.provider.net/". At least, this is what happens with
myopenid.com - I'm not sure why they don't ask me to confirm my claimed_id.

With XRI it's worse: you enter "@community*user" in the RP's login form,
and are asked to confirm something like
"@!7D4F.EA8B.24B6.ECC8!0000.0000.3B9A.CA8D". Apparently that's my
canonicalId, but I don't imagine I'll ever be able to distinguish it
from someone else's. When validating an XRI identifier, the provider is
*required* to ask the user to confirm authentication by reference to the
CanonicalID.

Thanks for your remarks; it seems I asked the wrong question, but the
answers have helped anyway.

-- 
Jack.
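
The distinction discussed in this message, as an added example that is not part of the original thread: the first function applies the OpenID 2.0 normalization rules for user-supplied identifiers (section 7.2, without following redirects or doing discovery), and the second checks whether an identifier shown at confirmation is merely the normalized form of what was typed. The function names and the rejection of userinfo are assumptions of this sketch; the sample identifiers are the ones quoted above.

```python
from urllib.parse import urlsplit, urlunsplit

XRI_PREFIXES = ("=", "@", "+", "$", "!", "(")  # XRI global context symbols plus "("
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_identifier(user_input):
    """Normalize a user-supplied identifier; returns (kind, identifier).

    No redirects are followed and no discovery is done, so for URLs this is
    only the first step towards the claimed identifier.
    """
    ident = user_input.strip()
    if ident.lower().startswith("xri://"):
        ident = ident[len("xri://"):]
    if ident.startswith(XRI_PREFIXES):
        return ("xri", ident)
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident          # scheme-less input is treated as http
    parts = urlsplit(ident)                # urlsplit lowercases the scheme
    if not parts.hostname or "@" in parts.netloc:
        raise ValueError("not a usable OpenID URL: %r" % user_input)
    host = parts.hostname                  # already lowercased
    if ":" in host:                        # IPv6 literal, restore brackets
        host = "[" + host + "]"
    if parts.port and parts.port != DEFAULT_PORTS[parts.scheme]:
        host += ":%d" % parts.port
    # Empty path becomes "/", the fragment is dropped.
    url = urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))
    return ("url", url)


def is_normalized_form_of(user_input, displayed):
    """True when `displayed` differs from `user_input` only by normalization."""
    return normalize_identifier(user_input) == normalize_identifier(displayed)


if __name__ == "__main__":
    # Pairs of (typed at the RP, shown for confirmation), taken from the thread.
    samples = [
        ("example.com", "http://example.com/"),
        ("usersblog.example.com", "http://user.provider.net/"),
        ("@community*user", "@!7D4F.EA8B.24B6.ECC8!0000.0000.3B9A.CA8D"),
    ]
    for typed, shown in samples:
        print(typed, "->", shown, ":", is_normalized_form_of(typed, shown))
```

Only the first pair is equivalent under normalization; in the other two the displayed value is a different identifier reached through discovery, which the user cannot derive from what they typed.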


