The CanonicalID Approach
Josh Hoyt
josh at janrain.com
Mon Jun 11 17:58:43 UTC 2007
On 6/9/07, Martin Atkins <mart at degeneration.co.uk> wrote:
> I'm assuming that the RP authenticates
> http://inconvenient.example.com/0000001, not
> http://impersonation.example.com/mart. Just as with delegation, if I can
> successfully authenticate as the persistent identifier and the
> non-persistent identifier points at the persistent one, we can assume
> that http://impersonation.example.com/mart is "me" as well.
If you agree that:
1. In order to "authenticate as the persistent identifier," discovery
must be done on the persistent identifier
2. In order to determine that "the non-persistent identifier points at
the persistent one," discovery must be done on the non-persistent
identifier.
then two discovery steps are necessary in order to use this scheme.
Josh
More information about the specs
mailing list