The OP never sees @blog*lockbox, because that's just the user-supplied identifier, and the OP only sees the claimed identifier and the OP Local Identifier. <div><br></div><div>The OP needn't do CID verification checks IMO. It's not the OP's responsibility to perform discovery on said identifier. Its only role is to assert whether the OP Local Identifier user is logged into the OP and wants to log into the RP. It's up to the RP to ensure via discovery that the claimed_id and the local_id have a meaningful relationship.</div>
<div><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Tue, Aug 25, 2009 at 9:10 PM, Peter Williams <span dir="ltr">&lt;<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p>User types “@<b>blog</b>*lockbox” at RP</p>
<p> </p>
<p>Discovery determines that XRD.canonicalid is !1234, and the XRD.SEP
has local-id=<a href="http://homepw.myopenid.com" target="_blank">homepw.myopenid.com</a></p>
<p> </p>
<p>This form of SEP implies that the user desires openid2-style
openid-delegation</p>
<p> </p>
<p>On receiving a request in which cid=!1234 and identifier=<a href="http://homepw.myopenid.com" target="_blank">homepw.myopenid.com</a>,
the OP ONLY responds IF it does a discovery on !1234, validates that cid-verification=true
(and sees that there exists SEP.local-id == request.openid.identity).</p>
<p> </p>
<p>Is it true that the OP does NOT know that the user typed
@blog*lockbox at the RP?</p>
<p> </p>
</div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
<br></blockquote></div><br></div>
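<div>Added example, not part of either message in this thread: a sketch of the RP-side check described in the reply, where the RP accepts a positive assertion only if its own discovery on the claimed identifier lists the asserted OP Local Identifier and OP endpoint. The <code>discover</code> stand-in, the endpoint URL and the "unrelated" identifier are assumptions constructed for illustration; signature and nonce checks are assumed to have been done already.</div>

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Discovered:
    claimed_id: str   # for an XRI: the CanonicalID in the XRD
    local_id: str     # OP-Local Identifier from the service element
    op_endpoint: str  # OP Endpoint URL from the service element

# Constructed discovery result for the thread's example. The endpoint URL is a
# placeholder; a real RP fills this from XRI resolution or Yadis, not a dict.
SAMPLE_DISCOVERY = {
    "!1234": [Discovered("!1234", "http://homepw.myopenid.com",
                         "https://op.example/server")],
}

def discover(claimed_id):
    """Hypothetical stand-in for the RP's own discovery on a claimed identifier."""
    return SAMPLE_DISCOVERY.get(claimed_id, [])

def assertion_matches_discovery(params, discover=discover):
    """Accept a positive assertion only if the RP's discovery backs it."""
    claimed = params.get("openid.claimed_id")
    identity = params.get("openid.identity")
    endpoint = params.get("openid.op_endpoint")
    if not (claimed and identity and endpoint):
        return False
    # A URL claimed identifier may carry a fragment; discovery uses it without.
    lookup = claimed.split("#", 1)[0]
    return any(
        svc.claimed_id == lookup
        and svc.local_id == identity
        and svc.op_endpoint == endpoint
        for svc in discover(lookup)
    )

def demo():
    good = {"openid.claimed_id": "!1234",
            "openid.identity": "http://homepw.myopenid.com",
            "openid.op_endpoint": "https://op.example/server"}
    # Same claimed identifier, but asserted for a local identifier that the
    # XRD for !1234 does not list (constructed value).
    unrelated = dict(good, **{"openid.identity": "http://other.example/"})
    return assertion_matches_discovery(good), assertion_matches_discovery(unrelated)

if __name__ == "__main__":
    print(demo())
```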