OpenID 3.0
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Mon Feb 4 02:55:09 UTC 2008
James Henstridge wrote:
Thanks for your reply...
> When used in directed identity mode, the OP can pick the identity:
>
> http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication
>
> Of course, the OP is restricted to returning identities that it is
> authoritative for. This is what allows any yahoo user to enter
> "yahoo.com" as their OpenID identifier while still letting RPs tell
> them apart.
>
Right, that's what I thought...What does it have to return however? Is
it enough to return [openid_identity] => https://somenick.domain.com/,
[openid_claimed_id] => https://domain.com/ ?
> My point was that in cases where you do want to limit things to a
> single OP, it is worth considering this mode, since it does not
> require the user to enter any credentials (username or password) at
> the RP site.
Yes, that is rather easy. Somewhat more tricky gets when you want to use
a group of providers and ban certain providers. All doable, but not
standardized yet....e.g. white/black lists.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080204/d58787e8/attachment-0002.htm>
More information about the specs
mailing list