[OpenID] Can all Relying Party accept OpenID Provider's

Peter Williams pwilliams at rapattoni.com
Wed Sep 17 15:01:00 UTC 2008 

It's not obvious that it really does, Andrew.

I tested the validity of this very feature when doing formal due diligence on OpenID, the open code, and dominant providers. (I had to see where openid technology fits on the security scale, to get passed the evangelism pitches.)

It was very ambiguous what the intent of the unsolicited assertion messages were, and what a conforming flow would be. I came to the conclusion that its intent was very limited, and related to AX update. But, even that conclusion was tenuous.


-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Andrew Arnott
Sent: Wednesday, September 17, 2008 7:06 AM
To: hulixin
Cc: general at openid.net
Subject: Re: [OpenID] Can all Relying Party accept OpenID Provider's

Why do you say it doesn't?  In fact it does.

Sent from my iPhone

On Sep 16, 2008, at 11:38 PM, hulixin <hulixin at huawei.com> wrote:

> think you very much.
> I will supports unsolicited assertions too.
> Do you know why < OpenID Authentication 2.0 - Final >do not include
> this
> case.
> Is it safe?
>
> ________________________________
>
> 发件人: Andrew Arnott [mailto:andrewarnott at gmail.com]
> 发送时间: 2008年9月17日 12:28
> 收件人: hulixin
> 抄送: general at openid.net
> 主题: Re: [OpenID] Can all Relying Party accept OpenID Provider's
>
>
> I know DotNetOpenId supports unsolicited assertions on both sides as
> you
> describe.
>
> Sent from my iPhone
>
> On Sep 16, 2008, at 9:05 PM, hulixin <hulixin at huawei.com> wrote:
>
>
>
>    Thank you for your answer!
>
>    Can all Relying Party accept OpenID Provider's Responding without
> Requesting Authentication?
>
>    It means: User login in OpenID Provider directly ,instead of
> Relying
> Party  redirect user from Relying Party to OpenID Provider.After
> user login
> in OpenID Provider,User want to an  Relying Party,Can  OpenID Provider
> generate a url for user login into Relying Party,  if user click this
> url,Relying Party will accept this user login.user need not input
> OpenID in
> Relying Party.   Relying Party do not  send a  Requesting
> Authentication to
> OpenID
>
>     Provider ,OpenID Provider will send a Responding to Relying Party.
>
>        It is good for relying party , because OpenID Provider can
> bring pageview to Relying Party.
>
>    User login Facebook ,then User go to application ,Facebook  bring
> pageview to application.
>
>    Did OpenId  Provider can bring pageview to Relying Party.
>
>    I think some user will like to login in OpenId Provider every day
> ,then go to some Relying Party he like to go and have gone before.
>
>    _______________________________________________
>    general mailing list
>    general at openid.net
>    http://openid.net/mailman/listinfo/general
>
>
>
>
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list