section 11. Verifying Assertions
Todd Kaplinger
todkap at us.ibm.com
Mon Jul 28 15:41:18 UTC 2008
Hi,
I am in the process of implementing verification of assertions. Based
upon reading the various sections of the specification, I can see how we
could could persist some of the information such as returnToURL and the
discovery information in some persistent store (such as session). However,
I am not able to figure out how we could implement this type of support
without persisting the information.
Is there a way to leverage a callback to the OP after the authentication
request is returned to the Relying Party that could retrieve this
information and perform the verfication without persisting this
information?
Thank you
Todd Kaplinger
Project Zero Architecture and Development
http://www.projectzero.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080728/dcb0a70b/attachment-0001.htm>
More information about the specs
mailing list