[security] Validating openid.identity in authenticationresponses
Bradescu, Roxana
rbradescu at verisign.com
Fri Nov 16 19:07:08 UTC 2007
It's unfortunate that users have to know which version of the protocol
sites are running to know what they can type into the login box.
Roxana Bradescu | VeriSign Innovation
-----Original Message-----
From: Johnny Bufu [mailto:johnny at sxip.com]
Sent: Friday, November 16, 2007 10:07 AM
To: Bradescu, Roxana
Cc: david at sixapart.com; Trevor Johns; security at openid.net
Subject: Re: [security] Validating openid.identity in
authenticationresponses
On 16-Nov-07, at 9:39 AM, Bradescu, Roxana wrote:
> David, I've noticed the use case you describe doesn't actually work
> at a
> many RP's. For example if I go to livejournal.com and just put in just
> my IDP pip.verisignlabs.com I get an error.
Directed identity is a 2.0 feature, while livejounal seems to be
speaking only 1.x.
Johnny
More information about the security
mailing list