[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Mar 6 19:15:17 UTC 2008
John Kemp:
>
> But given that the claimed_id now will be the result of following
> redirects, it would be my assertion that if the claimed_id has been
> obtained by following 302/303/307 redirects that it is quite possibly
> not actually the user's intended OpenID.
>
Why this assumption? You could for example submit example.com as your
ID, which would be naturalized to http://example.com/ which in turn
would be redirected to https://example.com which would return the
claimed ID https://john.example.com/
There could be additional steps in this scenario, all be redirects and
relocations, however whatever is returned to the RP at the end of the
process as the claimed_id is...well, the claimed ID....
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080306/af8f45d5/attachment-0002.htm>
More information about the general
mailing list