[OpenID] Calling OpenID 2.0 editors (was RE:Problems withOpenID and TAG httpRange-14)
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sat Mar 8 17:49:03 UTC 2008
Brendan Taylor:
>
> My understanding is that yes, the OP can return something completely
> different—if the user entered an OP Identifier.
>
No, it can return a claimed_id unrelated to the user input. Including
but not limited to OP URL input.
> If the user did not enter an OP Identifier, then the Claimed Identifier
> is determined by the normalization procedure specified in OpenID
> Authentication 2.0 §7.2, which is what we're discussing.
>
Right, until it gets to the OP...
>
>> It's the job of the OP to know what he's doing with each redirect and not
>> lose the information he is required to know in order to successfully
>> authenticate.
>>
>
> In general, it's impossible for the OP to know what redirects may have
> taken place during the normalization stage, as the OP may be completely
> separate from the URL that's being verified.
>
>
Normalization at the RP side in mostly about adding an http:// prefix
etc. As soon as the requests lands at the OP it's the OPs beer what to
do with I think....
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080308/7a90cf0d/attachment-0002.htm>
More information about the general
mailing list