In the interest of making it easier to automate compatibility testing of OpenID RP libraries against many different OPs, what if something similar to the following were added to the OpenID spec:<br><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<br>OpenID Providers should consider hosting the following OpenID Identifiers for which positive or negative assertions will always be immediately generated with no interaction with the user agent in order to provide RPs under test to programmatically check their compatibility with your Provider:<br>
http://<span class="Apple-style-span" style="font-style: italic;">provider</span>/TestIdentifierAlwaysAssert (or <a href="http://TestIdentifierAlwaysAssert">http://TestIdentifierAlwaysAssert</a>.<span class="Apple-style-span" style="font-style: italic;">provider</span>/)<br>
http://<span class="Apple-style-span" style="font-style: italic; ">provider</span>/TestIdentifierAlwaysRefuse (or <a href="http://TestIdentifierAlwaysRefuse">http://TestIdentifierAlwaysRefuse</a>.<span class="Apple-style-span" style="font-style: italic;">provider</span>/)<br>
http://<span class="Apple-style-span" style="font-style: italic; ">provider</span>/TestIdentifierAssertOnSetup (or <a href="http://TestIdentifierAssertOnSetup">http://TestIdentifierAssertOnSetup</a>.<span class="Apple-style-span" style="font-style: italic; ">provider</span>/)<br>
<br>OpenID Relying Parties are recommended to default to rejecting these OpenID test identifiers to avoid users using them for purposes of anonymous login. <br></blockquote><div><br></div><div>I would love to write automated tests for DotNetOpenId that would check compatibility before each release with some of the major OPs, but since each OP requires login credentials, the only way I could automate it would be to hard-code a username and password in the test code. Even if I created an account at each of these Providers solely for testing purposes, because these credentials would become public as part of the library's tests, these credentials may become the next "anonymous identifier" that is reused at lots of RPs beyond testing purposes, annoying RPs, OPs and testers (when the OPs start canceling the accounts).</div>
<div><br></div><div>It seems to me a standardized set of accounts that both OPs and RPs understand the purpose of would mitigate this problem. DotNetOpenId has had a test identifier set up at <a href="http://nerdbank.net/OPAffirmative/AffirmativeIdentity.aspx">http://nerdbank.net/OPAffirmative/AffirmativeIdentity.aspx</a> and a few other places explictly for this purpose.</div>
<div><br></div><div>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
</div>