[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)

Johnny Bufu johnny at sxip.com
Fri Mar 7 18:18:10 UTC 2008 

On 6-Mar-08, at 7:58 PM, Noah Slater wrote:

> On Thu, Mar 06, 2008 at 02:16:52PM -0800, Johnny Bufu wrote:
>> You're arguing under the assumption that the string typed by the  
>> user at
>> the RP (the User-supplied ID) is also or should be the claimed_id.  
>> This
>> is not the case per the current OpenID 2.0 definitions.
>
> I realise this, that is why I am emailing the OpenID community. The  
> current
> specification is broken as it currently stands.

Reasoning based on a false assumption and reaching an unexpected  
conclusion that apparently does not conform to the HTTP spec hardly  
breaks the OpenID protocol IMO.

Perhaps you should explain why your assumption (user-supplied id ==  
claimed_id) should superceed the spec (condidering that without it  
the spec stands).

>>> If I claim <http://bytesexual.org/> as my OpenID
>>
>> You must do that by publishing discovery information at this URL,
>> without issuing redirects.
>
> This is false, please see the both the OpenID spec

Can you provide a specific pointer here? I tought I was familiar with  
this spec, but the opposite seems clear to me: one of the (XRDS  
header, HTML meta, XRDS document) have to be supplied at a URL in  
order for it to become a valid claimed_id.

You have none of this set at the URL you're _intending to claim_.

> and the HTTP RFC.

How can the HTTP RFC be interpreted to make inferences about where  
the OpenID discovery information should live? (Without the above  
assumption.)

>>> and this 303s to some place else it is pretty clear what my "claimed
>>> id" is,
>>
>> Yes - the URL after all redirects, unless you use a different  
>> definition
>> for claimed_id.
>
> False, please see the HTTP RFC I have cited multiple times.

And I have argued[1][2] that it's not necessarily applicable the way  
you put it.

Johnny

[1] http://openid.net/pipermail/general/2008-March/004282.html
[2] http://openid.net/pipermail/general/2008-March/004303.html

More information about the general mailing list