Yes, RPs <span class="Apple-style-span" style="font-style: italic;">must</span> follow redirects to find the claimed identifier as part of discovery and/or assertion verification. And you definitely do <span class="Apple-style-span" style="font-style: italic;">not</span> want your personal identifier URL to redirect to Google's OP Identifier as I think you've suggested, or else directed identity will end up clashing with your personal identifier and web sites will think you're claiming the OP Identifier as your own personal identifier, and discovery would either fail or go badly awry.<br>
<br><div class="gmail_quote">On Wed, Oct 29, 2008 at 11:03 AM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Shame on me, as I've already forgotten the spec I studied last year.<br>
<br>
does compliance require the RP to follow redirects to learn the "fully normalized" OP identifier?<br>
<br>
i.e. ifI type in to the RP "<a href="http://home_pw.org/openid" target="_blank">home_pw.org/openid</a>" (hosted by google's DNS contractor) and that DNS server offers the i-broker-like 302 redirect service to <a href="http://www.google.com/accounts/o8/id" target="_blank">http://www.google.com/accounts/o8/id</a> identifier, that's fine as my local name for GoogleIDP, no?<br>
<div class="Ih2E3d"><br>
<br>
-----Original Message-----<br>
From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>] On Behalf Of Dick Hardt<br>
Sent: Wednesday, October 29, 2008 10:54 AM<br>
To: Breno de Medeiros<br>
Cc: Joseph Smarr; OpenID List<br>
</div><div><div></div><div class="Wj3C7c">Subject: Re: [OpenID] Google OpenID IDP is now live<br>
<br>
"<a href="http://www.google.com/accounts/o8/id" target="_blank">www.google.com/accounts/o8/id</a>"?<br>
<br>
gosh, I'll remember that one! :-)<br>
<br>
Given the non memorable openid generated by Google, I'd be interested<br>
in how Google thinks users will login with their OpenID if they can't<br>
type in <a href="http://gmail.com" target="_blank">gmail.com</a> or <a href="http://google.com" target="_blank">google.com</a> -- these should work. Will they?<br>
<br>
-- Dick<br>
<br>
On 29-Oct-08, at 10:38 AM, Breno de Medeiros wrote:<br>
<br>
> At this point, you can discover using <a href="http://www.google.com/accounts/o8/id" target="_blank">www.google.com/accounts/o8/id</a> as<br>
> your OP identifier if you so wish. However, initially we will require<br>
> registration. Thanks.<br>
><br>
> On Wed, Oct 29, 2008 at 10:30 AM, Andrew Arnott <<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a><br>
> > wrote:<br>
>> Forgive my apparent ignorance, but this doesn't look like a<br>
>> standard OpenID<br>
>> Provider. I just tried to log into my own RP typing in<br>
>> "<a href="http://google.com" target="_blank">google.com</a>" to use<br>
>> directed identity, since I have no idea what my own identifier URL<br>
>> would be,<br>
>> and no endpoints were found. Also tried "<a href="http://gmail.com" target="_blank">gmail.com</a>".<br>
>> When I read the blog, it mentioned OpenID but the link was to<br>
>> register for<br>
>> federated login. I thought Shibboleth was about federated login<br>
>> and OpenID<br>
>> was about letting any RP log into an IDP. Why does an RP have to<br>
>> register<br>
>> with Google before using its IDP? And even if it registered, that<br>
>> can't<br>
>> automatically make "<a href="http://google.com" target="_blank">google.com</a>" discoverable, so this doesn't feel<br>
>> like<br>
>> OpenID at all to me.<br>
>><br>
>> Unhappy, but hoping someone can explain it to me.<br>
>> On Wed, Oct 29, 2008 at 9:02 AM, Eric Sachs <<a href="mailto:esachs@google.com">esachs@google.com</a>><br>
>> wrote:<br>
>>><br>
>>> Google's IDP is now live. You can try it on Plaxo, ZoHo, & Buxfer<br>
>>> and<br>
>>> hopefully more RPs to come soon. Here is the blog post with more<br>
>>> details,<br>
>>> including information on how RPs can sign up to use the service:<br>
>>><br>
>>><br>
>>> <a href="http://google-code-updates.blogspot.com/2008/10/google-moves-towards-single-sign-on.html" target="_blank">http://google-code-updates.blogspot.com/2008/10/google-moves-towards-single-sign-on.html</a><br>
>>><br>
>>> And yes, it does allow RPs to request a user's E-mail address via<br>
>>> AX as an<br>
>>> option. I'll let Joseph Smarr from Plaxo respond with details on<br>
>>> how they<br>
>>> are using that feature to further simplify the signup flow for<br>
>>> Plaxo.<br>
>>> Eric Sachs<br>
>>> Product Manager, Google Security<br>
>>> _______________________________________________<br>
>>> general mailing list<br>
>>> <a href="mailto:general@openid.net">general@openid.net</a><br>
>>> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> general mailing list<br>
>> <a href="mailto:general@openid.net">general@openid.net</a><br>
>> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>><br>
>><br>
><br>
><br>
><br>
> --<br>
> --Breno<br>
><br>
> +1 (650) 214-1007 desk<br>
> +1 (408) 212-0135 (Grand Central)<br>
> MTV-41-3 : 383-A<br>
> PST (GMT-8) / PDT(GMT-7)<br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>