[OpenID] Laws of id, openid with ssl
Martin Atkins
mart at degeneration.co.uk
Fri Jan 25 00:26:48 UTC 2008
Drummond Reed wrote:
> Peter, just to reinforce Dick's first step below -- in directed identity,
> the user does not give their own public identifier to the RP, only the
> identifier of their OP. That way the RP knows how to discover the OP's XRDS
> and connect to the service endpoint for the OP's directed identity service
> (<Type>http://specs.openid.net/auth/2.0/identifier_select</Type>).
>
> The OP then returns the user's selected identifier (either public or private
> -- user's choice).
>
I think calling it a "private" identifier is a bit misleading. All
OpenID identifiers are public.
Perhaps a terms to use would be "obfuscated", "single-use" or "throwaway".
More information about the general
mailing list