[OpenID] PAPE yahoo?
Drummond Reed
drummond.reed at cordance.net
Wed Jul 2 20:51:55 UTC 2008
> James Tindall wrote:
>
> Hello all,
>
> I have a quick question that doesn't seem to be covered in the existing
> spec docs.
>
> If a user enters 'yahoo.com' the OpenID discovery phase yields this xrds
> document:
>
> <XRD>
> <Service priority="0">
> <Type>http://specs.openid.net/auth/2.0/server</Type>
> <Type>http://specs.openid.net/extensions/pape/1.0</Type>
> <URI>https://open.login.yahooapis.com/openid/op/auth</URI>
> </Service>
> </XRD>
>
> Is a Relying Party to take this as meaning that the Yahoo OpenID server
> supports all PAPE policies?
It depends on what you mean by "supports all PAPE policies"?
The XRD above simply says that the Yahoo OpenID 2.0 server supports PAPE,
which means the RP can include a PAPE request in their OpenID 2.0
authentication request to the Yahoo OP, and Yahoo will answer the request
saying which policies it did/didn't use for authentication (e.g., was it
phishing-proof or not?)
It doesn't mean that Yahoo has to support all the potential authentication
policies that the PAPE vocabulary includes.
=Drummond
More information about the general
mailing list