<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">

</head>

<body bgcolor="#ffffff" text="#000000">

James Henstridge wrote:<br>

<br>

Thanks for your reply...<br>

<blockquote

 cite="mid:a7e835d40802021844n6acd2e27k12cd2b44f80087a7@mail.gmail.com"

 type="cite">

  <pre wrap="">

When used in directed identity mode, the OP can pick the identity:

    <a class="moz-txt-link-freetext" href="http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication">http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication</a>

Of course, the OP is restricted to returning identities that it is

authoritative for.  This is what allows any yahoo user to enter

"yahoo.com" as their OpenID identifier while still letting RPs tell

them apart.

  </pre>

</blockquote>

Right, that's what I thought...What does it have to return however? Is

it enough to return [openid_identity] =&gt;

<a class="moz-txt-link-freetext" href="https://somenick.domain.com/">https://somenick.domain.com/</a>, [openid_claimed_id] =&gt;

<a class="moz-txt-link-freetext" href="https://domain.com/">https://domain.com/</a> ? <br>

<blockquote

 cite="mid:a7e835d40802021844n6acd2e27k12cd2b44f80087a7@mail.gmail.com"

 type="cite">

  <pre wrap="">

My point was that in cases where you do want to limit things to a

single OP, it is worth considering this mode, since it does not

require the user to enter any credentials (username or password) at

the RP site.</pre>

</blockquote>

Yes, that is rather easy. Somewhat more tricky gets when you want to

use a group of providers and ban certain providers. All doable, but not

standardized yet....e.g. white/black lists.<br>

<br>

<br>

<div class="moz-signature">-- <br>

<table border="0" cellpadding="0" cellspacing="0">

  <tbody>

    <tr>

      <td colspan="2">Regards </td>

    </tr>

    <tr>

      <td colspan="2"> </td>

    </tr>

    <tr>

      <td>Signer: </td>

      <td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>

    </tr>

    <tr>

      <td>Jabber: </td>

      <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>

    </tr>

    <tr>

      <td>Blog: </td>

      <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>

    </tr>

    <tr>

      <td>Phone: </td>

      <td>+1.213.341.0390</td>

    </tr>

    <tr>

      <td colspan="2"> </td>

    </tr>

  </tbody>

</table>

</div>

</body>

</html>