[OpenID] Delegation leading to new accounts on websites
Johnny Bufu
johnny.bufu at gmail.com
Sun Jul 5 09:12:21 UTC 2009
On 21/06/09 05:29 PM, Andrew Arnott wrote:
> Google doesn't support delegation at all. Some concern about asserting
> an Identifier it has no control over...
Perhaps they are just being too cautious.
The OP's assertion is about openid.identity, which is always under their
control.
The end-users presenting a valid assertion issued by their OP are
claiming they control the openid.claimed_id. The OP's assertion is the
tool that makes the claim verifiable.
An OP's (valid) assertion alone cannot be used to prove ownership of
another claimed identifier without actually having control over that
claimed identifier (to configure delegation to the OP).
Johnny
More information about the general
mailing list