[OpenID] Claimed Identifiers and Query String Parameters
Joe Tele
pnwtele at yahoo.com
Wed Sep 3 00:04:14 PDT 2008
I'm looking for some insight regarding a relying party library I'm
integrating. We are using the claimed identifier as a key in our
database to identify credentials for a user. However, it seems that some sites have virtually infinite number of claimed identifiers for the same OP Local Id.
For example, with verisign a user may enter
myopenid.pip.versignlabs.com into our text box. This is resolved to
http://myopenid.pip.verisignlabs.com/ as the claimed identifier and all
is well. The user could also type in myopenid.pip.verisignlabs.com?a=1
which resolves to the claimed identifier
http://myopenid.pip.versignlabs.com?a=1 which corresponds to different
credentials for our database. There is a very large number of urls which seem to correspnad to the the same verisign user but which we map to different users. What have we done wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/general/attachments/20080903/13ae04c3/attachment.htm
More information about the general
mailing list