<html><head><base href="x-msg://25/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Yes that is what I meant by other issues:) I don't think the various Google OP are likely to consolidate any time soon.<div><br></div><div>John B.<br><div><div>On 2011-02-03, at 2:38 PM, <a href="mailto:sknvn-openid@yahoo.com">sknvn-openid@yahoo.com</a> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font-family: arial, helvetica, sans-serif; font-size: 12pt; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br>Other options? i.e. merge three OPs into one? How is that going to work for existing RPs who have the identifier from two OPs that are going away?<br>The problem is that for an OP there is no way to migrate the identifier (hey RP, here was the old one and here is the new one you should use). Unless that is added into the protocol the migration is probably not going to happen. The worse part is that each and every RP would have to make a change to support it and I am sure for some RPs this may not be trivial.<br><br>Thanks<br><br>Naveen<br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font-family: arial, helvetica, sans-serif; font-size: 12pt; "><br><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "><font face="Tahoma" size="2"><hr size="1"><b><span style="font-weight: bold; ">From:</span></b><span class="Apple-converted-space"> </span>Kleber - Corujito <<a href="mailto:corujito@gmail.com">corujito@gmail.com</a>><br><b><span style="font-weight: bold; ">To:</span></b><span class="Apple-converted-space"> </span>John Bradley <<a href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>><br><b><span style="font-weight: bold; ">Cc:</span></b><span class="Apple-converted-space"> </span>openid-general <<a href="mailto:openid-general@lists.openid.net">openid-general@lists.openid.net</a>><br><b><span style="font-weight: bold; ">Sent:</span></b><span class="Apple-converted-space"> </span>Thu, February 3, 2011 9:03:02 AM<br><b><span style="font-weight: bold; ">Subject:</span></b><span class="Apple-converted-space"> </span>Re: [OpenID] Doubt about identifier<br></font><br><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Thanks guys</div><br><div class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">On Thu, Feb 3, 2011 at 2:49 PM, John Bradley<span class="Apple-converted-space"> </span><span dir="ltr"><<a rel="nofollow" ymailto="mailto:ve7jtb@ve7jtb.com" target="_blank" href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>></span><span class="Apple-converted-space"> </span>wrote:<br><blockquote class="gmail_quote" style="margin-top: 0pt; margin-right: 0pt; margin-bottom: 0pt; margin-left: 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; word-wrap: break-word; ">You are correct. The user is using two separate OP. They return different identifiers.<div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">The confusion is that all of the OP happen to be controlled by Google. </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">It is a deployment choice by Google, not a design flaw in the protocol. They do have other options, though trying to merge the Blogger openID with the Google ones creates other issues.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">John B.<br><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "></div><div class="h5" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">On 2011-02-03, at 1:39 PM, Kleber - Corujito wrote:</div><br></div></div><blockquote type="cite"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "></div><div class="h5" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Thanks for the reply.<div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">- Let's imagine an individual RP.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">- user uses a Google button to authenticate (OP identifier)</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">here Google will return an identifier like <span style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><a rel="nofollow" target="_blank" href="https://www.google.com/accounts/o8/id?id=blablablablabla" style="color: rgb(0, 0, 204); ">https://www.google.com/accounts/o8/id?id=blablablablabla</a></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">- another day the same user try to authenticate using a URL (not a Google button) <span style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><span><a target="_blank" href="http://google.com/profiles/LOGIN">http://google.com/profiles/LOGIN</a></span></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">here Google will return an identifier different from the first to the same RP (return <span style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; "><a rel="nofollow" target="_blank" href="http://google.com/profiles/LOGIN" style="color: rgb(0, 0, 204); ">http://google.com/profiles/LOGIN</a></span>).</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">In this case would return different identifiers for the same user and same RP.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Am I wrong?</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br><div class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">On Thu, Feb 3, 2011 at 12:48 PM, Andrew Arnott<span class="Apple-converted-space"> </span><span dir="ltr"><<a rel="nofollow" ymailto="mailto:andrewarnott@gmail.com" target="_blank" href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>></span><span class="Apple-converted-space"> </span>wrote:<br><blockquote class="gmail_quote" style="margin-top: 0pt; margin-right: 0pt; margin-bottom: 0pt; margin-left: 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex; "><div class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">On Thu, Feb 3, 2011 at 5:07 AM, Kleber - Corujito<span class="Apple-converted-space"> </span><span dir="ltr"><<a rel="nofollow" ymailto="mailto:corujito@gmail.com" target="_blank" href="mailto:corujito@gmail.com">corujito@gmail.com</a>></span><span class="Apple-converted-space"> </span>wrote:<br><blockquote class="gmail_quote" style="margin-top: 0pt; margin-right: 0pt; margin-bottom: 0pt; margin-left: 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex; ">Hi everyone! I'm new here and I have some doubts.<div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">OP returns something that identifiers users uniquely.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Must (or should) OP return always the same identifier for an user?</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">if not, that is bad to RPs, isn't?<br clear="all"></div></blockquote></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Generally yes. However, "directed identity" allows an OP to always send the same claimed identifier to an individual RP, but each individual RP gets a unique claimed id for the same user. Thus each RP sees the same id, but across multiple RPs the identifier varies, so that RPs can't correlate user data. Google is the only (large) OP that I know of that leverages this capability.</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><blockquote class="gmail_quote" style="margin-top: 0pt; margin-right: 0pt; margin-bottom: 0pt; margin-left: 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">I noticed that I have different ways to use my Google openid and each one may return something different (or RPs are doing something wrong).</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">ex:</div></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">1. <a rel="nofollow" target="_blank" href="https://www.google.com/accounts/o8/id">https://www.google.com/accounts/o8/id</a><span class="Apple-converted-space"> </span>(OP identifier)</div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">2. <a rel="nofollow" target="_blank" href="http://google.com/profiles/LOGIN">http://google.com/profiles/LOGIN</a></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><span>3. <a target="_blank" href="http://www.google.com/profiles/1234567890">http://www.google.com/profiles/1234567890</a></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">4. <a rel="nofollow" target="_blank" href="https://www.google.com/accounts/o8/id?id=blablablablabla">https://www.google.com/accounts/o8/id?id=blablablablabla</a></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div></blockquote><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><br></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Google has 3 distinct OPs. Their primary one which uses directed identity, and accounts for #4 (claimed id) and #1 (OP identifier) on your list. Then Google Profiles has an OP that does<span class="Apple-converted-space"> </span><i>not</i> use directed identity, which is #2/#3 on your list (people can choose whether the identifier is your login name or not). </div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Their third OP isn't on your list -- it's the OpenID 1.1 OP that is behind their Blogger service. As the version number implies, it's been long in need of an update, or<span class="Apple-converted-space"> </span><a rel="nofollow" target="_blank" href="http://blog.nerdbank.net/2010/03/how-to-upgrade-your-blogger-openid-to.html">a replacement</a>. </div></div></blockquote></div><br><br clear="all"><br>--<span class="Apple-converted-space"> </span><br>Kleber Manoel Infante (Corujito)<br></div></div></div>_______________________________________________<br>general mailing list<br><a rel="nofollow" ymailto="mailto:general@lists.openid.net" target="_blank" href="mailto:general@lists.openid.net">general@lists.openid.net</a><br><span><a target="_blank" href="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</a></span><br></blockquote></div><br></div></div></blockquote></div><br><br clear="all"><br>--<span class="Apple-converted-space"> </span><br>Kleber Manoel Infante (Corujito)<br></div></div></div></div></span></blockquote></div><br></div></body></html>