[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research
Peter Williams
pwilliams at rapattoni.com
Wed Oct 22 23:07:30 UTC 2008
I don't understand what follows below. If I type the bush id, assuming no delegation, then that is the claim I am seeking the rp to verify (by receiving an assertion from an op about bush id). An op's assertion url for roger rabbit doesn't count under the rp state machine.
The only exception to this is the op identifier case.
How an op decides you are entitled to assert control over an identifier is a local matter. Can logon with a piv card saying you are cheney, for all it matters. The rp will never know (unless pape is in use, perhaps).
Isn't that what openid requires?
----------
Try signing in to Pibb.com using http://me.yahoo.com/georgebush
If you're already signed in to your Yahoo account, you'll pick an
existing identifier and proceed, and Pibb won't have any idea who
http://me.yahoo.com/georgebush is.
More information about the general
mailing list