[OpenID] Claimed Identifiers and Query String Parameters
Joe Tele
pnwtele at yahoo.com
Wed Sep 3 07:04:14 UTC 2008
I'm looking for some insight regarding a relying party library I'm
integrating. We are using the claimed identifier as a key in our
database to identify credentials for a user. However, it seems that some sites have virtually infinite number of claimed identifiers for the same OP Local Id.
For example, with verisign a user may enter
myopenid.pip.versignlabs.com into our text box. This is resolved to
http://myopenid.pip.verisignlabs.com/ as the claimed identifier and all
is well. The user could also type in myopenid.pip.verisignlabs.com?a=1
which resolves to the claimed identifier
http://myopenid.pip.versignlabs.com?a=1 which corresponds to different
credentials for our database. There is a very large number of urls which seem to correspnad to the the same verisign user but which we map to different users. What have we done wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080903/13ae04c3/attachment-0002.htm>
More information about the general
mailing list