<br><br><div class="gmail_quote">On Fri, Nov 7, 2008 at 11:57 PM, Martin Atkins <span dir="ltr"><<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="Ih2E3d">Allen Tom wrote:<br>
> How does someone delegate their OpenID URL to Google?<br>
><br>
> Putting the following into the <head> section of the OpenID page:<br>
><br>
> <link rel="openid2.provider" href="<a href="https://www.google.com/accounts/o8/ud" target="_blank">https://www.google.com/accounts/o8/ud</a>" /><br>
><br>
> seems to allow *any* user with a Google account to sign in with the<br>
> delegated OpenID.<br>
><br>
<br>
</div>I'm not sure I'm completely understanding the situation you're<br>
describing, but unless the openid.identity in the returned assertion<br>
matches the value of openid2.local_id discovered from openid.claimed_id,<br>
the RP should fail because the delegation is invalid.<br>
<br>
If you just put in the openid2.provider value and no openid2.local_id,<br>
then you're effectively giving Google's OP carte blanche to make<br>
assertions about that identifier, though I'm not sure why they would<br>
make assertions about URLs outside of their own domain.<br>
<div><div></div><div class="Wj3C7c"></div></div></blockquote><div><br></div><div>The way I read the spec, omitting local_id in the <head> section means that the RP's library must set it to be equal to the claimed id in their request (Section 9.1: "If a different OP-Local Identifier is not specified, the claimed identifier MUST be used as the value for openid.identity."). Of course, your claimed id is whatever URL you're delegating from, which is not a valid op-local id at Google. </div>
<div><br></div><div>Dirk.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div class="Wj3C7c"><br>
<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>
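<div>The RP-side check discussed in this thread, as an added example that is not part of the original messages: discovery falls back to the claimed identifier when the page has no openid2.local_id, and an assertion is accepted only if it agrees with what was discovered. The alice.example and op-local.example values and all function names are constructed for illustration; signature, nonce and return_to checks are out of scope.</div>

```python
from html.parser import HTMLParser

class _Links(HTMLParser):
    """Collect <link rel=... href=...> pairs from the delegating page."""
    def __init__(self):
        super().__init__()
        self.links = {}
    def handle_starttag(self, tag, attrs):
        if tag == "link":
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                self.links.setdefault(rel, a.get("href"))

def discover(claimed_id, html):
    """HTML-based discovery: what the RP learns about claimed_id."""
    p = _Links()
    p.feed(html)
    provider = p.links.get("openid2.provider")
    if not provider:
        raise ValueError("no openid2.provider on page")
    # Section 9.1 (quoted in the thread): with no separate OP-Local
    # Identifier, the claimed identifier is used as openid.identity.
    local_id = p.links.get("openid2.local_id") or claimed_id
    return {"claimed_id": claimed_id, "op_endpoint": provider, "local_id": local_id}

def verify_assertion(discovered, response):
    """Accept only an assertion that matches the discovered information."""
    pairs = (("openid.claimed_id", "claimed_id"),
             ("openid.op_endpoint", "op_endpoint"),
             ("openid.identity", "local_id"))
    return all(response.get(k) == discovered[d] for k, d in pairs)

CLAIMED = "https://alice.example/"              # constructed claimed identifier
OP = "https://www.google.com/accounts/o8/ud"    # provider URL from the thread
OP_LOCAL = "https://op-local.example/user-123"  # constructed OP-local identifier
PAGE_NO_LOCAL = '<head><link rel="openid2.provider" href="%s" /></head>' % OP
PAGE_WITH_LOCAL = ('<head><link rel="openid2.provider" href="%s" />'
                   '<link rel="openid2.local_id" href="%s" /></head>' % (OP, OP_LOCAL))

def demo():
    def resp(identity):
        return {"openid.claimed_id": CLAIMED, "openid.op_endpoint": OP,
                "openid.identity": identity}
    return [
        # provider only: the OP asserts its own local id, RP expected CLAIMED
        verify_assertion(discover(CLAIMED, PAGE_NO_LOCAL), resp(OP_LOCAL)),
        # provider + local_id, matching assertion
        verify_assertion(discover(CLAIMED, PAGE_WITH_LOCAL), resp(OP_LOCAL)),
        # provider + local_id, a different account at the same OP
        verify_assertion(discover(CLAIMED, PAGE_WITH_LOCAL),
                         resp("https://op-local.example/other")),
    ]
```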