<HTML><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText31620 dir=ltr>
<DIV dir=ltr><FONT face=Terminal color=#000000 size=2></FONT> </DIV></DIV>
<DIV dir=ltr>Fun to add querystring values onto the "return" claimed ID, e.g. an openid. Allows for all manner of bridging in various directions, with resulting 4 corner assurance models.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>If an "intermediating" RP is also an OP, it can detect a certain form of claimed ID is returned by the downstream OP and ...now.. it assert on its own account to the RP "site" mentioned in goto: "...#frag?goto=http://site".</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Obviously, it adds "a evaulation" rating to the downstream OP, qualifying it for the benefit of site. Under normalization, it obviously strips the #frag on start the second phase of the openid auth handshake.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>The assurance of its own rating service depends on which SSL server cert it cites to the site-RP. No need for prior art search on the use of SSL server cert to attest to assurance level of the _service_ bound to an https endpoint. Its well researched.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>
<HR tabIndex=-1>
</DIV>
<DIV dir=ltr><FONT face=Tahoma size=2><B>From:</B> Nat Sakimura<BR><B>Sent:</B> Fri 2/29/2008 9:08 AM<BR><B>To:</B> Markus Lanthaler<BR><B>Cc:</B> general@openid.net<BR><B>Subject:</B> Re: [OpenID] Normalizing claimed identifier (remove the #?)<BR></FONT><BR></DIV>
<DIV><PRE style="WORD-WRAP: break-word">Read 11.5.1. Identifier Recycling.
The fragment is this.
The full URL with the fragment part constitutes the Claimed Identifier
in positive assertions and you must not strip it off. You have to
distinguish between the claimed identifier in authentication request
and the claimed identifier in the positive assertion. The
normalization is for the claimed identifier in authentication request.
=nat
2008/2/29, Markus Lanthaler <markus@silverstripe.com>:
> Hey all,
>
> I just tested the new Yahoo OpenIDs. It seems that they are appending to all
> their some ID, e.g. https://me.yahoo.com/markus.lanthaler gets
> https://me.yahoo.com/markus.lanthaler#a5b3f. The problem I have is that I
> don't know for what reason that fragment is appended and if I should strip
> it before saving the URL (as it is stated in the spec:
> http://openid.net/specs/openid-authentication-2_0.html#normalization).
>
> That fragment is never shown to the user so it's difficult for an
> administrator to set the OpenIDs for all the users if they cannot tell him
> their full URL.
> Any ideas why they do it that way? Any suggestions how I should handle them?
>
>
> Thanks,
> Markus
>
> _______________________________________________
> general mailing list
> general@openid.net
> http://openid.net/mailman/listinfo/general
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
_______________________________________________
general mailing list
general@openid.net
http://openid.net/mailman/listinfo/general
</PRE></DIV></BODY></HTML>