[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)
Brendan Taylor
whateley at gmail.com
Sat Mar 8 03:38:42 UTC 2008
On Sat, Mar 08, 2008 at 04:04:12AM +0200, Eddy Nigg (StartCom Ltd.) wrote:
> Even
> if http://example.org/about returns 200 OK, this doesn't have to be the
> actual ID, instead the OP can return also something completely else to the
> RP like http://me.otherdomain.net/ for http://example.org/about.
My understanding is that yes, the OP can return something completely
different—if the user entered an OP Identifier.
If the user did not enter an OP Identifier, then the Claimed Identifier
is determined by the normalization procedure specified in OpenID
Authentication 2.0 §7.2, which is what we're discussing.
> It's the job of the OP to know what he's doing with each redirect and not
> lose the information he is required to know in order to successfully
> authenticate.
In general, it's impossible for the OP to know what redirects may have
taken place during the normalization stage, as the OP may be completely
separate from the URL that's being verified.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080307/ca55f637/attachment-0002.pgp>
More information about the general
mailing list