[OpenID] is it true?
Andrew Arnott
andrewarnott at gmail.com
Wed Aug 26 04:53:41 UTC 2009
The OP never sees @blog*lockbox, because that's just the user-supplied
identifier, and the OP only sees the claimed identifier and the OP Local
Identifier.
The OP needn't do CID verification checks IMO. It's not the OP's
responsibility to perform discovery on said identifier. Its only role is
to assert whether the OP Local Identifier user is logged into the OP and
wants to log into the RP. It's up to the RP to ensure via discovery that
the claimed_id and the local_id have a meaningful relationship.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Tue, Aug 25, 2009 at 9:10 PM, Peter Williams <pwilliams at rapattoni.com> wrote:
> User types “@blog*lockbox” at RP
>
> Discovery determines that XRD.canonicalid is !1234, and the XRD.SEP has
> local-id=homepw.myopenid.com
>
> This form of SEP implies that the user desires openid2-style
> openid-delegation
>
> On receiving a request in which cid=!1234 and identifier=
> homepw.myopenid.com, the OP ONLY responds IF it does a discovery on !1234,
> validates that cid-verification=true (and sees that there exists
> SEP.local-id == request.openid.identity).
>
> Is it true that the OP does NOT know that the user typed @blog*lockbox at
> the RP?
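
The RP-side check described in the reply above, as an added example that is not part of the original thread: the RP runs discovery on the claimed identifier itself and compares the result with the OP's positive assertion. The `Discovered` record, `verify_assertion` and the lookup table are hypothetical; `!1234` and `homepw.myopenid.com` come from the quoted scenario, and the endpoint URLs are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Discovered:
    """Result of the RP's own discovery on a claimed identifier (hypothetical record)."""
    claimed_id: str    # for an XRI: the CanonicalID from the XRD
    op_local_id: str   # LocalID from the service element; claimed_id if none given
    op_endpoint: str   # OP endpoint URI from the same service element


def verify_assertion(assertion: dict,
                     discover: Callable[[str], Optional[Discovered]]) -> list:
    """Return the mismatches between a positive assertion and discovery.

    An empty list means the OP is authoritative for the claimed identifier.
    """
    claimed = assertion.get("openid.claimed_id", "")
    if claimed.startswith(("http://", "https://")):
        claimed = claimed.split("#", 1)[0]   # URL fragments are ignored for this check
    info = discover(claimed) if claimed else None
    if info is None:
        return ["discovery on claimed_id failed"]
    problems = []
    if info.claimed_id != claimed:
        problems.append("claimed_id does not match discovery")
    if info.op_local_id != assertion.get("openid.identity"):
        problems.append("identity is not the discovered OP Local Identifier")
    if info.op_endpoint != assertion.get("openid.op_endpoint"):
        problems.append("op_endpoint is not the discovered OP endpoint")
    return problems


# Constructed discovery table standing in for XRI resolution / Yadis.
# "!1234" and "homepw.myopenid.com" come from the thread; the endpoint is made up.
DISCOVERY = {
    "!1234": Discovered("!1234", "homepw.myopenid.com", "https://op.example/endpoint"),
}
GOOD = {
    "openid.claimed_id": "!1234",
    "openid.identity": "homepw.myopenid.com",
    "openid.op_endpoint": "https://op.example/endpoint",
}
# An OP that is not named in the XRD vouching for the same claimed identifier.
FOREIGN_OP = {**GOOD, "openid.op_endpoint": "https://other-op.example/endpoint"}

if __name__ == "__main__":
    for name, a in (("good", GOOD), ("foreign OP", FOREIGN_OP)):
        print(name, "->", verify_assertion(a, DISCOVERY.get) or "accepted")
```

Signature and nonce checks on the assertion are separate steps and are not shown here.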