[OpenID] Doubt about identifier

Kleber - Corujito corujito at gmail.com
Thu Feb 3 16:39:40 UTC 2011


Thanks for the reply.

- Let's imagine an individual RP.
- user uses a Google button to authenticate (OP identifier)
here Google will return an identifier like
https://www.google.com/accounts/o8/id?id=blablablablabla

- another day the same user tries to authenticate using a URL (not a Google
button) http://google.com/profiles/LOGIN
here Google will return an identifier different from the first to the same
RP (return http://google.com/profiles/LOGIN).

In this case it would return different identifiers for the same user and same
RP.
Am I wrong?

On Thu, Feb 3, 2011 at 12:48 PM, Andrew Arnott <andrewarnott at gmail.com> wrote:

> On Thu, Feb 3, 2011 at 5:07 AM, Kleber - Corujito <corujito at gmail.com> wrote:
>
>> Hi everyone! I'm new here and I have some doubts.
>>
>> OP returns something that identifies users uniquely.
>>
>> Must (or should) OP return always the same identifier for a user?
>> if not, that is bad to RPs, isn't it?
>>
> Generally yes.  However, "directed identity" allows an OP to always send
> the same claimed identifier to an individual RP, but each individual RP gets
> a unique claimed id for the same user.  Thus each RP sees the same id, but
> across multiple RPs the identifier varies, so that RPs can't correlate user
> data.  Google is the only (large) OP that I know of that leverages this
> capability.
>
>
>> I noticed that I have different ways to use my Google openid and each one
>> may return something different (or RPs are doing something wrong).
>> ex:
>> 1. https://www.google.com/accounts/o8/id (OP identifier)
>> 2. http://google.com/profiles/LOGIN
>> 3. http://www.google.com/profiles/1234567890
>> 4. https://www.google.com/accounts/o8/id?id=blablablablabla
>>
>>
> Google has 3 distinct OPs.  Their primary one which uses directed identity,
> and accounts for #4 (claimed id) and #1 (OP identifier) on your list.  Then
> Google Profiles has an OP that does *not* use directed identity, which is
> #2/#3 on your list (people can choose whether the identifier is your login
> name or not).
> Their third OP isn't on your list -- it's the OpenID 1.1 OP that is behind
> their Blogger service.  As the version number implies, it's been long in
> need of an update, or a replacement <http://blog.nerdbank.net/2010/03/how-to-upgrade-your-blogger-openid-to.html>.
>



-- 
Kleber Manoel Infante (Corujito)
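
Added example, not part of the original thread and not Google's implementation: a sketch of how an OP could derive directed identifiers per RP realm, and why an RP that keys accounts on the claimed identifier treats a directed OP and a non-directed profile OP as two different users. The HMAC derivation, the example.* URLs, the secret, and the names `directed_claimed_id`, `profile_claimed_id` and `RelyingParty` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only (assumptions, not Google's).
OP_SECRET = b"constructed-op-secret"
OP_ID_BASE = "https://op.example/id?id="


def directed_claimed_id(user: str, realm: str) -> str:
    """Directed identity: stable for (user, realm), different per realm."""
    msg = user.encode() + b"\x00" + realm.encode()
    tag = hmac.new(OP_SECRET, msg, hashlib.sha256).hexdigest()
    return OP_ID_BASE + tag[:32]


def profile_claimed_id(login: str) -> str:
    """Non-directed OP: every RP receives the same public identifier."""
    return "http://profiles.example/" + login


class RelyingParty:
    """Keys local accounts on the exact claimed identifier string."""

    def __init__(self, realm: str):
        self.realm = realm
        self.accounts = {}  # claimed identifier -> local account number
        self._next = 1

    def login(self, claimed_id: str) -> int:
        # An unseen claimed identifier creates a new local account.
        if claimed_id not in self.accounts:
            self.accounts[claimed_id] = self._next
            self._next += 1
        return self.accounts[claimed_id]

    def link(self, existing_id: str, new_id: str) -> None:
        # Call only after the user has proven control of both identifiers.
        self.accounts[new_id] = self.accounts[existing_id]


if __name__ == "__main__":
    rp = RelyingParty("https://rp-a.example/")
    directed = directed_claimed_id("alice", rp.realm)
    profile = profile_claimed_id("alice")
    print(rp.login(directed), rp.login(directed))  # same account twice
    print(rp.login(profile))                       # a second, separate account
    print(directed_claimed_id("alice", "https://rp-b.example/") != directed)
```

An RP that wants one account per person across both OPs has to store several claimed identifiers per account and link them explicitly, as `link` does here.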