[OpenID] Directed Identity vs. "what the user typed"

Peter Williams pwilliams at rapattoni.com
Mon Mar 23 19:02:58 UTC 2009



> One solution, then, would be to loudly complain (RP-side) when this
> happens, alerting the user to this switch. Ironically, it was Andrew
> who convinced me to let Directed Identity decide, and you who once
> said "Certainly I can't think of any advantage you gain by storing
> the OP identifier." :)

Seeing as vanity sites for users are not exactly in vogue, we were thinking of assuming the opposite and helping provision "vanity" sites (aka sites under __user control__ for delegation, and services).

As an RP, we would link the claimed identifier (created/asserted by directed id processes) to an RP-provisioned new openid. This hosted "vanity site" would have an XRDS, simply delegating back to the OP Identifier or claimed id. It _could_ even allow the user to manage his/her own set of OP providers (of which at least the introducing one works...). Whether the user ever uses this "vanity" site or not is up to him/her; it would just be a dynamic page served from a db table, off of an SSL wildcard endpoint. One day, it would evolve into a full HXRI resolver.

Seems useful, and 100% aligned with the openid concept.

Obviously, that involves "storing the OP or claimed identifier" - in the XRDS generator table.
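
The XRDS generator table described in the message above, sketched as an added example that is not part of the original post or of any OpenID project's code. The table name `delegation`, its columns, the function names and the op.example URLs are assumptions made for illustration; the HTTPS check on the stored OP endpoint is likewise an added assumption.

```python
import sqlite3
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# OpenID 2.0 service type for a claimed identifier that delegates to an OP.
SIGNON = "http://specs.openid.net/auth/2.0/signon"

XRDS_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>{type}</Type>
      <URI>{endpoint}</URI>
      <LocalID>{local_id}</LocalID>
    </Service>
  </XRD>
</xrds:XRDS>
"""

def require_https(url):
    """Reject stored OP endpoints that are not absolute HTTPS URLs (assumed policy)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing non-HTTPS OP endpoint: %r" % url)
    return url

def render_xrds(db, vanity_name):
    """Build the delegating XRDS for one vanity site from its table row."""
    row = db.execute(
        "SELECT op_endpoint, local_id FROM delegation WHERE vanity_name = ?",
        (vanity_name,)).fetchone()          # parameterised: the name comes from the URL
    if row is None:
        return None                         # unknown vanity site, caller answers 404
    endpoint, local_id = row
    # Stored identifiers are user-influenced; escape them before they enter the XML.
    return XRDS_TEMPLATE.format(type=SIGNON,
                                endpoint=escape(require_https(endpoint)),
                                local_id=escape(local_id))

def demo_db():
    """Constructed sample rows: one valid delegation, one with a plain-HTTP endpoint."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE delegation (vanity_name TEXT PRIMARY KEY,"
               " op_endpoint TEXT NOT NULL, local_id TEXT NOT NULL)")
    db.executemany("INSERT INTO delegation VALUES (?, ?, ?)", [
        ("alice", "https://op.example/endpoint", "https://op.example/id?u=1&v=2"),
        ("mallory", "http://op.example/endpoint", "https://op.example/id/m")])
    return db

if __name__ == "__main__":
    print(render_xrds(demo_db(), "alice"))
```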


