[OpenID] A Re-look at delegation
Santosh Rajan
santrajan at gmail.com
Sat Sep 5 17:41:34 UTC 2009
I know most people are not going to like what I am going to say.
Let us be practical and pragmatic.
Let us dump "delegation" the way we have seen it. Everybody has seen the
problems with delegation. Most importantly joe.com. joe.com has delegated his
OpenID to whatever.com via his html page. He types in his OpenID (joe.com)
and the web site he logged into shows
http://AXGFJHHGFTYTYUIIIMNBGFFFGF
Right.
Now let us cut all this nonsense for security reasons at least.
If Joe wants joe.com as his OpenID. And whatever.com wants to be his OP.
Then whatever.com bloody well better know that joe.com is a valid claimed_id
at whatever.com.
In other words OpenId providers can't pop up any more "LocalId's". If you
Providers want to support delegation then bloody well verify the claimed_id.
Do it whichever way you want. But just do it.
Now that we have got that out of the way. Can you all please let us average
human beings allow us to have our own OpenId's?
I am santrajan at gmail.com, or facebook.com/santosh.rajan, or
santosh.rajan at ymail.com. Now can you Friggin providers verify what I am
claiming? If you can, then let's talk OpenID!
-----
Santosh Rajan
http://santrajan.blogspot.com
--
View this message in context: http://www.nabble.com/A-Re-look-at-delegation-tp25310796p25310796.html
Sent from the OpenID - General mailing list archive at Nabble.com.
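
An added example, not part of the original post: one way an OP such as whatever.com could check that a claimed_id's page really delegates to it before asserting that identifier, using the OpenID 2.0 HTML discovery link relations `openid2.provider` and `openid2.local_id`. The function name, the URL paths and the sample pages are assumptions constructed for illustration, and the page is embedded inline instead of being fetched.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _HeadLinks(HTMLParser):
    """Collect rel -> href for <link> elements found inside <head> only."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self.in_head = False

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                self.links.setdefault(rel, a.get("href"))  # first one wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def _norm(url):
    # Compare scheme and host case-insensitively; the path stays case-sensitive.
    p = urlsplit(url.strip())
    return (p.scheme.lower(), p.netloc.lower(), p.path or "/")


def op_accepts_claimed_id(claimed_html, op_endpoint, requested_local_id):
    """True only if the claimed_id's page names this OP and this local_id."""
    parser = _HeadLinks()
    parser.feed(claimed_html)
    provider = parser.links.get("openid2.provider")
    local_id = parser.links.get("openid2.local_id")
    if not provider or not local_id:
        return False
    return (_norm(provider) == _norm(op_endpoint)
            and _norm(local_id) == _norm(requested_local_id))


# Constructed sample: what joe.com's page could look like when delegating.
JOE_PAGE = """<html><head>
<link rel="openid2.provider" href="https://whatever.com/openid/server">
<link rel="openid2.local_id" href="https://whatever.com/users/joe">
</head><body>Joe's home page</body></html>"""

# Constructed sample: the same links outside <head> are not valid discovery data.
BODY_ONLY_PAGE = JOE_PAGE.replace("<head>", "<head></head><body>", 1)
```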