[OpenID] Newby OpenID (1.1) questions
coen at rtlinteractief.nl
coen at rtlinteractief.nl
Mon May 4 11:32:52 UTC 2009
Hi All,
I'm new to OpenID and reading up before implementation and I have a few
questions. Sorry for the n00b level, but I did try to figure things out
myself.
Concerning 'OpenID Authentication 1.1'
* Paragraph 4.2.2.3, I cannot place the term 'opaque', what does it mean
in this context? (I'm not a native English speaker(/reader))
* Paragraph 4.2.2..3 is missing a right parenthesis, where does it go?
* Paragraph 4.3.2.2, openid.assoc_handle, I do not understand the
meaning of 'to fine for', I tried different online translations, but
can't work it out.
I think I got these, but would like them verified:
* DH-SHA1 means using SHA1 for encrypting the mac key?
* HMAC-SHA1 means using SHA1 for message authentication? But if this is
true, then what does the HMAC function do?
* The secret(..) function is a server side function encrypting the
assoc_handle with whatever method the server desires?
* Delegating authentication as described in paragraph 3.1.1. is a
single/one time step. There can be no delegation after delegation?
* Should the end user have to log in on the server in order for it to
verify the claimed id, the difference between checkid_immediate and
checkid_setup is that the first says a user should perform the
authentication on the server (at the returned openid.user_setup_url)
where the latter directly performs any required authentication?
I'm currently reading the 2.0 specs, which raises (a lot of) new
questions, but sure helped me understand the 1.1 better.
Thanks a bunch,
Coen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090504/3ad147c8/attachment.htm>
More information about the general
mailing list