[OpenID] Laws of id, openid with ssl
Dick Hardt
dick at sxip.com
Thu Jan 24 21:32:41 UTC 2008
On 24-Jan-08, at 4:15 PM, Peter Williams wrote:
>
> Now, when we say that OpenId2 supports directed identity (complying
> with Law 4), is the above flow pattern what we mean?

That is not what I mean when we say directed identity.

1) The user provides their OP identifier to the RP.

2) The RP does discovery to find the OP's entry point and redirects
the user's browser with the OpenID request.

3) The OP processes the request and asks the user which identifier
the user wants to present to the RP. This answer may be cached so the
user does not need to provide this answer each time. If the user
indicates they want to use a directed identity, the OP generates a
new, random OpenID for the user if the user has not been to the RP
before, otherwise the OP will likely use the directed OpenID used by
the user at this site in the past.

4) The OP signs the response including the directed identifier and
sends it to the RP.

5) The RP does discovery on the identifier and confirms that the OP
is authoritative for the identifier.

Note that the OP will likely not provide the same identifier to other
RPs, thus making it a directed identity per how Liberty and
InfoCards refer to the term. :-)

This is what Sxipper does when you choose to provide a private
identifier to an OpenID site.

-- Dick
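
Added example (not part of the original message, and not Sxipper's or any OP's code): a minimal simulation of steps 3 to 5 above, showing a per-RP random identifier and the RP's check that the responding OP is authoritative for it. All names, the example.* URLs, the dict standing in for discovery and the simplified signed message are assumptions, not the OpenID wire format.

```python
import hmac, hashlib, secrets

# Constructed stand-in for OpenID discovery: identifier URL -> OP endpoint.
DISCOVERY = {}

def sign(secret, msg):
    # Simplified signature over the fields the RP relies on (assumed format).
    data = "\n".join(f"{k}:{msg[k]}" for k in ("claimed_id", "op_endpoint", "return_to"))
    return hmac.new(secret, data.encode(), hashlib.sha256).hexdigest()

class OP:
    def __init__(self, endpoint, id_base):
        self.endpoint, self.id_base = endpoint, id_base
        self.secret = secrets.token_bytes(32)  # association secret shared with the RP
        self.directed = {}                     # (user, realm) -> directed identifier

    def identifier_for(self, user, realm):
        # Step 3: new random identifier on first visit, the same one afterwards.
        key = (user, realm)
        if key not in self.directed:
            ident = self.id_base + secrets.token_urlsafe(16)
            self.directed[key] = ident
            DISCOVERY[ident] = self.endpoint   # OP publishes discovery data for it
        return self.directed[key]

    def respond(self, user, realm, claimed_id=None):
        # Step 4: sign the response that carries the directed identifier.
        claimed_id = claimed_id or self.identifier_for(user, realm)
        msg = {"claimed_id": claimed_id, "op_endpoint": self.endpoint, "return_to": realm}
        msg["sig"] = sign(self.secret, msg)
        return msg

def rp_accepts(msg, realm, secret):
    # Step 5: the signature must verify, and discovery on the returned
    # identifier must lead back to the OP that sent the response.
    if msg["return_to"] != realm:
        return False
    if not hmac.compare_digest(msg["sig"], sign(secret, msg)):
        return False
    return DISCOVERY.get(msg["claimed_id"]) == msg["op_endpoint"]
```

The discovery comparison in rp_accepts is what stops a validly signed response from an OP that does not control the identifier it asserts.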