<div class="gmail_quote">On Thu, Feb 3, 2011 at 5:07 AM, Kleber - Corujito <span dir="ltr"><<a href="mailto:corujito@gmail.com" target="_blank">corujito@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi everyone! I'm new here and I have some doubts.<div><br></div><div>OP returns something that identifiers users uniquely.</div><div><br></div><div>Must (or should) OP return always the same identifier for an user?</div>
<div>if not, that is bad to RPs, isn't?<br clear="all"></div></blockquote><div>Generally yes. However, "directed identity" allows an OP to always send the same claimed identifier to an individual RP, but each individual RP gets a unique claimed id for the same user. Thus each RP sees the same id, but across multiple RPs the identifier varies, so that RPs can't correlate user data. Google is the only (large) OP that I know of that leverages this capability.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br></div><div>I noticed that I have different ways to use my Google openid and each one may return something different (or RPs are doing something wrong).</div>
<div>
ex:</div><div>1. <a href="https://www.google.com/accounts/o8/id" target="_blank">https://www.google.com/accounts/o8/id</a> (OP identifier)</div><div>2. <a href="http://google.com/profiles/LOGIN" target="_blank">http://google.com/profiles/LOGIN</a></div>
<div>
3. <a href="http://www.google.com/profiles/1234567890" target="_blank">http://www.google.com/profiles/1234567890</a></div>
<div>4. <a href="https://www.google.com/accounts/o8/id?id=blablablablabla" target="_blank">https://www.google.com/accounts/o8/id?id=blablablablabla</a></div><div><br></div></blockquote><div><br></div><div>Google has 3 distinct OPs. Their primary one which uses directed identity, and accounts for #4 (claimed id) and #1 (OP identifier) on your list. Then Google Profiles has an OP that does <i>not</i> use directed identity, which is #2/#3 on your list (people can choose whether the identifier is your login name or not). </div>
<div>Their third OP isn't on your list -- it's the OpenID 1.1 OP that is behind their Blogger service. As the version number implies, it's been long in need of an update, or <a href="http://blog.nerdbank.net/2010/03/how-to-upgrade-your-blogger-openid-to.html" target="_blank">a replacement</a>. </div>
</div>