[OpenID] OP-initiated RP discovery
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Oct 6 06:19:03 UTC 2009
>That sounds like what we call an "unsolicited assertion".
I thought those were non-direct OP-RP communications, with the user
carrying the payload? The diagram I found seems to support this:
http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
The use-case would be a Relying Party running on a server only
available through the Tor network; *but*, that server would
asymmetrically be able to make requests to other servers on The
Internet, even though most servers can't access .onion TLD's. I
*think* OpenID could still work in this way, over Tor, because the OP
is returning documents as a response and not a separate request of
its own.
-Shade
More information about the general
mailing list