Just a guess that sourceforge probably worked because its OpenID support is old and buggy (no offense, anyone!) and if it only does OpenID 1.x, then RPs in that version did their own delegation management instead of giving the OPs a chance to change it.<div>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">2009/6/23 Tom Edwards <span dir="ltr"><<a href="mailto:t_edwards@btinternet.com">t_edwards@btinternet.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
I've tried both delegation URLs on several sites, but the only one that
recognises me as <a href="http://steamreview.org" target="_blank">steamreview.org</a> in either scenario is SourceForge. The
others I tried are:<br>
<ul>
<li><a href="http://getsatisfaction.com" target="_blank">getsatisfaction.com</a></li>
<li><a href="http://pbworks.com" target="_blank">pbworks.com</a></li>
<li><a href="http://wishlistr.com" target="_blank">wishlistr.com</a></li>
<li><a href="http://stackoverflow.com" target="_blank">stackoverflow.com</a></li>
</ul>
These all thought I was <a href="http://flickr.com/blah/" target="_blank">flickr.com/blah/</a> or <a href="http://yahoo.com/blah/" target="_blank">yahoo.com/blah/</a> - I was
only <a href="http://steamreview.org" target="_blank">steamreview.org</a> when delegating to
<a href="http://steamreview.org/openid/" target="_blank"><http://steamreview.org/openid/></a>.<br>
<br>
Yahoo only supports OpenID 2 while my server (PhpMyID) only supports
OpenID 1. Could this be making a difference?<br>
<br>
This process would be a lot more reliable if the <a href="http://openidenabled.com" target="_blank">openidenabled.com</a> test
suite was working.
:-(<div><div></div><div class="h5"><br>
<br>
Allen Tom wrote:
<blockquote type="cite">
Hi John - <br>
<br>
Your description accurately describes how the Yahoo OP is implemented,
and it is the RP's responsibility to keep track of the user's URL that
was delegated to the OP.<br>
<br>
One possible possible issue is that Flickr itself delegates to Yahoo,
so users are probably better off delegating to their default machine
generated Yahoo OpenID (of the form <a href="https://me.yahoo.com/a/" target="_blank">https://me.yahoo.com/a/</a><random
string>) than to to their Flickr Photos url.<br>
<br>
Tom - can you try delegating your personal URL to your default Yahoo
OpenID? This will eliminate the extra round trip to Flickr, which is
probably causing your problem. The easiest way to find out what your
Yahoo OpenID is to go here:<br>
<br>
<a href="http://openid.yahoo.com/" target="_blank">http://openid.yahoo.com/</a><br>
Click Get Started<br>
Type in your password<br>
and take a look at the identifiers at the bottom of the screen.<br>
<br>
Unfortunately, this doesn't seem to work on GetSatisfaction. :/<br>
Allen<br>
<br>
<br>
<br>
John Bradley wrote:
<blockquote type="cite">George,
<div><br>
</div>
<div>The combination of directed identity is still a real interop
issue because it is not well explained in openID 2.0.</div>
<div><br>
</div>
<div>When the claimed_id (less fragment) or the identity are
different in the response from the request the RP must rediscover the
openid.claimed_id.</div>
<div><br>
</div>
<div>If delegation was done the openid.identity must match the
LocalID in the XRD.</div>
<div><br>
</div>
<div>If the RP doesn't do this step anyone with a Yahoo account can
log into any openID that is delegated to Yahoo.</div>
<div><br>
</div>
<div>Yahoo is following the spec as intended. </div>
<div><br>
</div>
<div>There is an OSIS test for RPs to check if they are vulnerable
to
this.</div>
<div><br>
</div>
<div>If the second discovery verifies then 1 can still be used
safely
as the users identifier.</div>
<div><br>
</div>
<div>I had to sit Johnny Bufu down to explain it to me what they
intended when they wrote 2.0.</div>
<div><br>
</div>
<div>I couldn't extract the logic from the spec itself for the
delegating to a directed identity flow.</div>
<div><br>
</div>
<div>John B.</div>
<div><br>
<div>
<div>On 22-Jun-09, at 11:45 AM, <a href="mailto:general-request@openid.net" target="_blank">general-request@openid.net</a>
wrote:</div>
<br>
<blockquote type="cite"><span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-family:monospace">Date: Mon, 22
Jun 2009 11:44:03 -0400<br>
From: George Fletcher <<a href="mailto:gffletch@aol.com" target="_blank">gffletch@aol.com</a>><br>
Subject: Re: [OpenID] Delegation leading to new accounts on websites<br>
To: Andrew Arnott <<a href="mailto:andrewarnott@gmail.com" target="_blank">andrewarnott@gmail.com</a>><br>
Cc: "<a href="mailto:general@openid.net" target="_blank">general@openid.net</a>"
<<a href="mailto:general@openid.net" target="_blank">general@openid.net</a>><br>
Message-ID: <<a href="mailto:4A3FA6C3.9060305@aol.com" target="_blank">4A3FA6C3.9060305@aol.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>
Isn't one of the underlying issues the fact that there are really 3<span> </span><br>
identifiers in this scenario?<br>
1. the identifier entered by the user (claimed_id or i-name)<br>
2. the discovered/resolved identifier ("local_id" or "i-number")<br>
3. the identifier returned by the OP<br>
<br>
In the case of OpenID 2.0 protocol flow, the RP has to remember #1 and<span> </span><br>
send #2 as the openid.identity parameter. If the OP does NOT return<span> </span><br>
openid.identity == #2, then the OP has chosen to do directed identity<span> </span><br>
regardless of the request and the RP must throw out #1 and take #3 as<span> </span><br>
the user's identifier.<br>
<br>
This causes some weird user experience issues, but this is what we ran<span> </span><br>
into when implementing OpenID 2.0 Relying Party support.<br>
<br>
Thanks,<br>
George<br>
</span></span></blockquote>
</div>
<br>
</div>
<pre><hr size="4" width="90%">
_______________________________________________
general mailing list
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a>
</pre>
</blockquote>
<br>
</blockquote>
</div></div></div>
</blockquote></div><br></div>