Consolidated Delegate Proposal

Recordon, David drecordon at verisign.com
Sun Oct 8 23:45:45 UTC 2006


Read through it, and I'm liking how it really clears up delegation.  A
few questions:

1) In case 1, is what the user typed in every sent from the RP to the
IdP?  What if it is an OpenID Auth 2.0 IdP, but the user entered their
identifier on the RP?  Or in the case where the IdP supports multiple
identifiers for the user, shouldn't the RP send what the user entered so
the user doesn't have to choose it again at their IdP?

2) This may also be part of my first question, but why is there such a
delta between case 1 and cases 2 and 3?  How does the RP know to use
case 1 versus case 2, they seem quite similar in their explanation?

3) What is openid.display used for?

4) In the rules, don't you mean the IdP must return the value of the
rp_user_id for the RP to key off of, not the value of identity?

I think this is getting there, just either needs to be tightened up or
the different flows better explained.

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Drummond Reed
Sent: Friday, October 06, 2006 9:18 PM
To: specs at openid.net
Subject: Consolidated Delegate Proposal

At David's suggestion, to make it easier to follow, I've posted what I
believe is a consolidated delegate proposal at:

	http://www.lifewiki.net/openid/ConsolidatedDelegationProposal

This incorporates Josh's original, Martin's, Josh's amendment, and my
amendment to Josh's. 

Josh and Martin, please look this over and either make changes or
comment as needed. It will be wonderful to finally close this issue.

=Drummond 


_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs




More information about the specs mailing list