[OpenID] identify RP when it gets OpenID URL
Manger, James H
James.H.Manger at team.telstra.com
Wed Oct 17 07:06:28 UTC 2007
The User-Agent field does not have the right semantics. I hope that field could be used, for instance, to notice which Relying Parties are using a particular version of Janrain’s Java library for OpenID. It is probably reasonable for Bloglines, Google etc to identify themselves in the User-Agent field as they probably use proprietary purpose-built clients. Most OpenID RPs will not use proprietary clients.
The From field feels more appropriate for this OpenID purpose.
________________________________
From: John Panzer [mailto:jpanzer at acm.org]
Sent: Wednesday, 17 October 2007 2:36 PM
To: Manger, James H
Cc: specs at openid.net
Subject: Re: [OpenID] identify RP when it gets OpenID URL
Wouldn't User-Agent: be equivalent, and have prior art (feed readers such as Bloglines identify themselves via User-Agent)?
Manger, James H wrote:
…
“The Relying Party MUST include a From HTTP header field in each HTTP request made during discovery. The From field holds an email address for the RP (eg From: openid at example.net) [RFC2616]. This enables the discovered information to vary based on the RP. The From field is not authenticated so it is not appropriate to use for access control.”
…
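An added example (not part of the original thread or of any OpenID library) of how a server answering discovery requests could treat the proposed From field: as an unauthenticated hint that selects which document to return, never as a basis for granting or refusing access. The endpoint URLs, the VARIANTS table and the function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample data (hypothetical endpoints, not from the thread).
DEFAULT_ENDPOINT = "https://op.example.net/server"
VARIANTS = {"openid@example.net": "https://op.example.net/server-example-net"}

# Conservative addr-spec check; anything else is treated as "no hint".
_ADDR = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}$")


def rp_hint(headers):
    """Return the normalised RP address from the From header, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("from")
    if raw is None or len(raw) > 320:
        return None
    # Reject control characters so the value cannot split headers or log lines.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return None
    _, addr = parseaddr(raw)  # accepts "Name <addr>" as well as a bare addr
    if not _ADDR.match(addr):
        return None
    return addr.lower()


def discovery_response(headers):
    """Pick a discovery variant from the From hint.

    The header is attacker-controlled, so every caller gets a 200 and a
    usable document; the hint only chooses between public variants.
    """
    hint = rp_hint(headers)
    return {
        "status": 200,  # never 401/403 on the strength of From
        "headers": {"Vary": "From"},  # caches must key on the hint too
        "endpoint": VARIANTS.get(hint, DEFAULT_ENDPOINT),
        "log_rp": hint or "-",  # safe to log: validated, no control chars
    }


if __name__ == "__main__":
    for sample in ({"From": "openid@example.net"}, {}):
        print(discovery_response(sample))
```

Because any client can send any From value, VARIANTS should only ever map to documents that would be acceptable to hand to an arbitrary requester.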