[PROPOSAL] bare response / bare request

Dick Hardt dick at sxip.com
Sat Sep 30 17:09:15 PDT 2006

Motivating Use Case
The IdP would like to allow the user to click a link on the IdP to  
login to an RP. This requires a bare response to be able to be sent.
A Trusted Party, acting as an RP would like to store a value at the  
IdP, but does not need the IdP to send the user back, a bare request  
is needed.

Proposed Implementation
bare request: if the openid.return_to parameter is missing or blank,  
then the IdP will not send the user back to the RP

bare response: sending a bare response is valid (not sure we need to  
do anything more then say it is OK to do)

More information about the specs mailing list