[OpenID] Correlating Identifiers
Manger, James H
James.H.Manger at team.telstra.com
Fri Nov 7 04:49:09 UTC 2008
Peter,
> if this is the second round of discovery by an RP for a given run, then
> formally we are JUST testing for authority. if the second round does not
> positively confirm the authority of th OP to speak for the namespace, then
> the RP SHOULD simply treat the discovery result as if it were a first
> round discovery ...and thus openid auth starts again.
>
> Is that the concept (stripped of spec language)?
I don't want an RP to trigger a 2nd authentication request/response.
I do want an RP to trigger a 2nd discovery step when necessary.
I hope that is how the spec is implemented.
[Any OP proxying/chaining should not have to involve the RP --
keep it between the user and their 1st OP,
once the RP has issued an authentication request redirect.]
James Manger
More information about the general
mailing list