[OpenID] Dailymotion Implements SSO Solution with OpenID! :)
Peter Williams
pwilliams at rapattoni.com
Tue Dec 23 23:11:26 UTC 2008
Out of interest, is there any https public ca out there willing to populate the sp server's cn field with the xri of the hxri which the op's url resolver might work (from openid auth) with during sp discovery?
Obviously, this ssl server cert requires an hxri-capable url resolver, that properly interprets the cn field as an xri and applies the subordination control to determine namespace delegation proprieties. This would change hxri from being anaccess point to proxy/gateway service to being a secure nameform (via certs) in its own right.
I don't think msft https libs run in the nt kernel would have any problems here, as cert checking is a (configurable) call back to user space.
-----Original Message-----
From: Peter Watkins <peterw at tux.org>
Sent: Tuesday, December 23, 2008 2:52 PM
To: Peter Williams <pwilliams at rapattoni.com>
Cc: david at sixapart.com <david at sixapart.com>; Andrew Arnott <andrewarnott at gmail.com>; OpenID List <general at openid.net>
Subject: Re: [OpenID] Dailymotion Implements SSO Solution with OpenID! :)
On Tue, Dec 23, 2008 at 02:31:56PM -0800, Peter Williams wrote:
> What we need is lxri libraries: addressing nothing but signed xrds for openid idp and sp discovery.
IMO, what you need is for OpenID libraries to include XRI capabilities.
With Andrew's DotNetOpenID project, a RP gets XRI for free, and would
have to do extra work to prevent using XRIs. I'm happy to leave XRI
support enabled, but I wouldn't go out of my way to *add* XRI support.
Anybody know what OpenID implementation Dailymotion is using? Did they
not bother to find & hook up an XRI resolver, or did they actually go
out of their way to deny XRI?
-Peter
More information about the general
mailing list