[OpenID] OP-initiated RP discovery
John Bradley
ve7jtb at ve7jtb.com
Tue Oct 6 15:04:19 UTC 2009
An unsolicited assertion still needs to have a return_to in it.
As I recall Tor hosts use .onion as their TLD so an IdP that is doing
RP discovery will choke unless it is running Tor itself.
If the IdP is not doing RP discovery normal OpenID should work as long
as the Tor host can connect to the OP to do direct verification or
association.
It is a good question. I think this is the first time I have seen
this use case raised.
Though in the spirit of the onion network I would hope that the OP is
using PPID identifiers for you so that you are not correlatable by the
RP; using an omni-directional OpenID sort of defeats part of the
purpose.
John B.
On 2009-10-06, at 2:19 AM, SitG Admin wrote:
>> That sounds like what we call an "unsolicited assertion".
>
> I thought those were non-direct OP-RP communications, with the user
> carrying the payload? The diagram I found seems to support this:
> http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
> The use-case would be a Relying Party running on a server only
> available through the Tor network; *but*, that server would
> asymmetrically be able to make requests to other servers on The
> Internet, even though most servers can't access .onion TLD's. I
> *think* OpenID could still work in this way, over Tor, because the
> OP is returning documents as a response and not a separate request
> of its own.
>
> -Shade
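Added example, not part of either message and not code from any OpenID library: an OP-side pre-check that validates return_to against the realm (OpenID Authentication 2.0, section 9.2) and decides up front whether RP discovery can be attempted for a .onion realm. The function names, the op_has_tor flag, the three outcome strings and the policy of treating an unreachable .onion realm as "unverified" are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Split a URL into (scheme, host, port, path), filling in defaults."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    host = (u.hostname or "").rstrip(".")
    return scheme, host, u.port or DEFAULT_PORTS.get(scheme), u.path or "/"


def return_to_matches_realm(return_to, realm):
    """Realm matching as in OpenID Authentication 2.0, section 9.2."""
    if "#" in realm:
        return False  # a realm must not carry a fragment
    wildcard = "://*." in realm
    r_scheme, r_host, r_port, r_path = _parts(realm.replace("://*.", "://", 1))
    scheme, host, port, path = _parts(return_to)
    if scheme not in DEFAULT_PORTS or (scheme, port) != (r_scheme, r_port):
        return False
    if host != r_host and not (wildcard and host.endswith("." + r_host)):
        return False
    # The path must equal the realm path or be a sub-directory of it.
    prefix = r_path if r_path.endswith("/") else r_path + "/"
    return path == r_path or path.startswith(prefix)


def is_onion(host):
    """True for names under the .onion special-use TLD."""
    return host == "onion" or host.endswith(".onion")


def rp_discovery_plan(return_to, realm, op_has_tor=False):
    """Return 'reject', 'discover' or 'unverified' for an incoming request."""
    if not return_to_matches_realm(return_to, realm):
        return "reject"
    realm_host = _parts(realm.replace("://*.", "://", 1))[1]
    if is_onion(realm_host) and not op_has_tor:
        # The OP cannot resolve or fetch this realm, so discovery is skipped
        # up front and the RP is treated as unverified instead of erroring.
        return "unverified"
    return "discover"


# Constructed sample values, not real hosts.
ONION_REALM = "http://exampleonionaddr.onion/"
ONION_RETURN_TO = "http://exampleonionaddr.onion/openid/return?nonce=abc"
```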