[OpenID] Problems with delegation and directed identity OPs

Breno de Medeiros breno at google.com
Sat Nov 8 01:40:19 UTC 2008


On Fri, Nov 7, 2008 at 4:48 PM, Allen Tom <atom at yahoo-inc.com> wrote:
> Deron Meranda wrote:
>> Of course, from an OP usability perspective, it's not exactly
>> straightforward for somebody to determine their actual Yahoo identity(-ies),
>> although it is possible.
>>
> We definitely can improve the usability, but you can list your Yahoo
> OpenID identifiers by going to http://openid.yahoo.com and clicking on
> the "OpenID Home link" at the top of the page.
>
>> And, just from curiosity, why are the randomly generated URIs
>> (both Google and Yahoo!) so long?
> :)
>
>> So, the current Google situation makes it almost impossible to use delegation!
>>
>>
> Hmm, it does appear that it's impossible for someone to delegate their
> OpenID to Google.

The OpenID spec says that the op_local is an optional field. I think
in practice libraries set identity=claimed_id in this case. I assume
it is then unspecified how the OP validates that the user is
authorized over that URL. That changes nothing from the RP
perspective, because it always has to depend on the OP to make that
judgment.

Bottom line: The fact that the op_local technique is not available for
usage with the Google OP does not mean that it cannot support
delegation.

>
> Allen
>



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
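
The following is an added illustration, not part of the original message: a sketch of how an RP could fill `openid.identity` after OpenID 2.0 HTML discovery on a delegated URL, falling back to the claimed identifier when the page publishes no `openid2.local_id`. The function name, the `example` hosts and the sample pages are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"


class _LinkRels(HTMLParser):
    """Collect <link rel=... href=...> pairs used by OpenID 2.0 HTML discovery."""

    def __init__(self):
        super().__init__()
        self.rels = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        # rel may carry several space-separated tokens
        for rel in (a.get("rel") or "").split():
            if a.get("href"):
                self.rels.setdefault(rel.lower(), a["href"])


def build_auth_request(claimed_id, html, return_to):
    """Return (op_endpoint, params) for a checkid_setup request."""
    parser = _LinkRels()
    parser.feed(html)
    endpoint = parser.rels.get("openid2.provider")
    if endpoint is None:
        raise ValueError("no openid2.provider link found")
    # No openid2.local_id published: send the claimed identifier as openid.identity
    identity = parser.rels.get("openid2.local_id", claimed_id)
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": identity,
        "openid.return_to": return_to,
    }
    return endpoint, params


# Constructed delegation pages (example.* hosts are placeholders)
WITH_LOCAL_ID = ('<head><link rel="openid2.provider" href="https://op.example/auth">'
                 '<link rel="openid2.local_id" href="https://op.example/user/abc"></head>')
WITHOUT_LOCAL_ID = '<head><link rel="openid2.provider" href="https://op.example/auth"></head>'

if __name__ == "__main__":
    for page in (WITH_LOCAL_ID, WITHOUT_LOCAL_ID):
        ep, params = build_auth_request("https://blog.example/", page, "https://rp.example/cb")
        print(ep + "?" + urlencode(params))
```

In both cases the RP still has to check the positive assertion against what discovery on the claimed identifier yields (OP endpoint and identity) before accepting it.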


