[OpenID] Calling OpenID 2.0 editors (was RE: Problems with OpenID and TAG httpRange-14)
Peter Williams
pwilliams at rapattoni.com
Tue Mar 11 17:51:03 UTC 2008
If we finally have a motivating use case... I judge that the topic is simply not addressed in the openid standard. Stuff about "RP remembering" is just not part of the use case analysis OR the protocol design. It's for RP sites to address this topic (just like a million other signup/signon screens already do), probably using cookies. If the RP site wants to rely on HTTP redirect signals, that's fine too: but it's a "local issue".
(I assume below that "OpenID agent" means OpenID consumer (RP), and that "finds the delegation server" means finds the host serving the user's discovery information (containing the openid metadata).)
"I think you have misunderstood my problem though. When the OpenID agent follows
this redirect to the new location and finds the delegation server, processes the
login and what have you, I am saying that when it remembers your OpenID for
future uses or for display on a website it should use the original URI and not
the one that was found by redirection."
----------
Now let me switch sides.
Having shown openid recently to folks in my profession, who are used to SAML's IDP-initiated workflow and its associated ease of use, we do have an issue. If our realtor portal connects folks to 10 SPs at the beginning of the workday, we cannot have the user having to type in 10 openids at signon screens, all with different practices concerning "remembering".
Either we standardize better unsolicited auth and make it interoperable (in practice, which it's not), or we address DO NOW ADMIT some of the use cases that Noah is properly addressing.