[OpenID] Dare to Trust OpenID
Drummond Reed
drummond.reed at cordance.net
Fri Mar 7 07:54:00 UTC 2008
Prabath,
What they are referring to is the feature called "OP Identifier" in the 2.0
spec. See section "7.3.2.1.1. OP Identifier Element" and also search for the
other references to "OP Identifier".
The spec is unfortunately doesn't really explain much about the intended use
of this option, but in the OpenID community this feature is often called
"directed identity" (after Kim Cameron's Fourth Law of Identity), and it
simply means you can login with the identifier of your OP rather than your
own OpenID identifier.
Yahoo chose to implement OpenID that way (at least for the present) and is
promoting the idea that websites just stick a "Login with Yahoo" on their
login page that will send the login request to yahoo.com. Yahoo will then
generate a unique OpenID identifier as the user's Claimed Identifier.
=Drummond
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Prabath Siriwardena
> Sent: Thursday, March 06, 2008 10:47 PM
> To: general at openid.net
> Subject: [OpenID] Dare to Trust OpenID
>
> Quoted from [1]:
>
> "Instead of asking you for your log-in, a site could ask you for your
> OpenID, which takes the form of a URL, such as
> myname.openid-provider.net. In fact, with the newer 2.0 version of
> OpenID, you may just have to provide the domain, such as yahoo.com
> (yes, Yahoo supports such usage for its members)."
>
> I could not find a section in OpenID Authentication 2.0 spec, which
> has a reference to the statement "with the newer 2.0 version of
> OpenID, you may just have to provide the domain".
>
> Any thoughts? [ have I misread it?]
>
>
> Thanks & regards.
> - Prabath
>
> [1]: http://www.eweek.com/c/a/Security/Dare-to-Trust-OpenID/
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list