[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)
Brendan Taylor
whateley at gmail.com
Fri Mar 7 01:23:04 UTC 2008
On Thu, Mar 06, 2008 at 02:16:52PM -0800, Johnny Bufu wrote:
> Noah,
> You're arguing under the assumption that the string typed by the user
> at the RP (the User-supplied ID) is also or should be the claimed_id.
> This is not the case per the current OpenID 2.0 definitions.
No. The argument is that if URI-1 redirects to URI-2 with a 303 See
Also, then URI-1 should be the claimed_id (according to HTTP's semantics).
> > If I claim <http://bytesexual.org/> as my OpenID
> > and this 303s to some place else it is pretty clear what my
> > "claimed id" is,
>
> Yes - the URL after all redirects, unless you use a different
> definition for claimed_id.
Yes — according to the OpenID spec, which should probably be changed.
Using a 303 redirect means that you don't want URI-2 to be substituted
for URI-1.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080306/8dd8f331/attachment-0002.pgp>
More information about the general
mailing list