openid.delegate explained.
Josh Hoyt
josh at janrain.com
Wed Oct 4 07:23:49 UTC 2006
On 10/3/06, Martin Atkins <mart at degeneration.co.uk> wrote:
> And all you've achieved here is to hand your identifier over to Brad.

Not at all! My IdP will only accept my credentials. If Brad pointed
his identifier to my IdP, he'd have handed it over to me, but there is
no way that he can use MY IdP even though it would make an assertion
about /his/ URL.

> But I agree with you that the delegate identifier might as well just be
> an opaque string per the current spec. This is not inconsistent with my
> post yesterday saying that delegation should be the only case, not a
> special case. There's no disadvantage to this, since the identifier you
> present to your IdP *can* be the same as the one you present to RPs, but
> if delegate is the only mode of operation then it makes the spec simpler
> and thus easier to understand.

I have always thought of the delegate field as implicitly being the
identifier itself when it is not specified. Are you suggesting
requiring a delegate tag?
Josh
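
The delegation rules discussed in this message, as an added example that is not part of the original post or of any OpenID library: a relying party reads the openid.server and openid.delegate link tags from the claimed page, falls back to the claimed identifier when no delegate tag is present, and accepts an assertion only from the server that page names. The URLs and sample pages are constructed, and signature verification is assumed to have already tied the assertion to asserting_server.

```python
from html.parser import HTMLParser

class _LinkParser(HTMLParser):
    """Collect the first openid.server / openid.delegate <link> hrefs."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        for rel in (a.get("rel") or "").lower().split():
            if rel in ("openid.server", "openid.delegate") and a.get("href"):
                self.links.setdefault(rel, a["href"])

def discover(claimed_id, html):
    """Return (server, identity to present to the IdP) for a claimed URL."""
    parser = _LinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        raise ValueError("claimed page has no openid.server link")
    # No delegate tag: the delegate is implicitly the identifier itself.
    return server, parser.links.get("openid.delegate", claimed_id)

def accept_assertion(claimed_id, html, asserting_server, asserted_identity):
    """RP check: the assertion must come from the server the claimed page
    names and be about the identity that page delegates to."""
    server, identity = discover(claimed_id, html)
    return asserting_server == server and asserted_identity == identity

# Constructed sample pages (hypothetical hosts).
IDP = "https://idp.example/server"
JOSH_AT_IDP = "https://josh.idp.example/"
JOSH_PAGE = f'<link rel="openid.server" href="{IDP}">' \
            f'<link rel="openid.delegate" href="{JOSH_AT_IDP}">'
# Brad's page pointed at Josh's IdP account: Josh can now assert Brad's URL.
BRAD_PAGE = JOSH_PAGE
PLAIN_PAGE = f'<link rel="openid.server" href="{IDP}" />'

if __name__ == "__main__":
    print(discover("http://plain.example/", PLAIN_PAGE))
    print(accept_assertion("http://brad.example/", BRAD_PAGE, IDP, JOSH_AT_IDP))
```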