Building identity on top of OAuth 2.0?
SitG Admin
sysadmin at shadowsinthegarden.com
Sun May 16 22:34:40 UTC 2010
>Unless I'm misunderstanding, that will work with the OpenID Connect proposal.
>
>I have https://davidrecordon.com/ and
>have signed up for Example Server which lets me specify a custom
>user identifier. LRDD on davidrecordon.com
>points to the token endpoint
>on https://example-server.com/. Example
>Server then issues
>https://davidrecordon.com/ as the user
>identifier.
Then, reading "Example Server" as "http://example-server.com/", it
seems like an extra step of user-verification for the RP would be
prudent: "Your unique URL is reported as the OP's, click OK to have
this be your permanent associable identifier on the web, click Cancel
if you wanted another."

Or the OP could have pre-associated, so the custom user identifier
should be up-front when account linking is about to take place.

-Shade