[OpenID] openid query
Peter Williams
pwilliams at rapattoni.com
Sun Mar 2 03:44:05 UTC 2008
For those that support it, I believe there is the option to use none of the security/association features of the protocol. The implication is that one relies on external means - ssl in all likelihood - for nonce handshakes etc.
While this makes sense in solicited auth, what about unsolicited auth?
-----Original Message-----
From: Nat Sakimura <sakimura at gmail.com>
Sent: Saturday, March 01, 2008 5:38 PM
To: Peter Williams <pwilliams at rapattoni.com>
Cc: Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org>; Martin Paljak <martin at paljak.pri.ee>; OpenID General <general at openid.net>
Subject: Re: [OpenID] openid query
2008/3/2, Peter Williams <pwilliams at rapattoni.com>:
>
> If anyone has an RP site accepting unsolicited openid2 auth, with no
> association (but optionally accepts leverages https), Id like to do some
> interworking trials. I want to get the IDP-side code down to a page of
> simple script, for this minimal profile.
>
What do you mean by "no association"?
You do make an association between RP and OP, I believe.
But anyways: My web site http://www.sakimura.org/en/ does not do any black
or white listing. So you can try.
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
More information about the general
mailing list