[OpenID] Problems with OpenID and TAG httpRange-14
John Kemp
john at jkemp.net
Tue Mar 4 22:02:10 UTC 2008
John Panzer wrote:
[...]
> If
> resolution works as below, I can never authenticate as
> abstractioneer.blogspot.com. But if the service remembered the URL I
> provided, I could choose, by providing abstractioneer.blogspot.com or
> abstractioneer.org to the site depending on the site.
Although my detailed walkthrough with Noah isn't in this email, I
suspect that the answer to the actual problem is the same - I don't see
why the service (RP) can't remember the URL you provided, either by
simply storing it itself, or getting that identifier rather than the
(canonical, following redirects) claimed ID in the OpenID response from
the identity provider. I just think that this behaviour is likely
application-dependent at the moment, but I was hoping that someone more
knowledgeable could confirm that...
- johnk
>
> John
>
>> On Tue, Mar 04, 2008 at 04:04:15PM -0500, John Kemp wrote:
>>
>>> Thanks for explaining your issue so well - I'm sorry if I seem dense,
>>> but I'm just trying to understand the practical effect of this on the
>>> OpenID protocol...
>>>
>>
>> Thank you for taking the time to step through it with me, I appreciate it's an
>> edge case, but stil it's worthy of some attention IMHO.
>>
>> I will wait for some other people to chip in with opionions on this list.
>>
>> Thanks again,
>>
>> --
>> Noah Slater <http://bytesexual.org/>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
More information about the general
mailing list