Use Case: should RPs remember identifiers?
Dick Hardt
dick at sxip.com
Sat Dec 2 18:09:00 UTC 2006
On 30-Nov-06, at 12:59 PM, David Fuelling wrote:
>
> Secondly, what happens if a user specifies a given OpenId
> Identifier at the
> RP (say, http://bob.example.com), but then logs into the
> example.com IdP/OP
> as beth (OpenId Identifier http://beth.example.com). Where does
> the OpenId
> process fail, or does it? Since OpenId RP's can handle a specific
> Id, as
> well as just an OP Url, should the OP simply assert on behalf of
> beth in
> this case, even though bob's id was specified at the RP?
>
> I guess I'm a bit hazy on the spec here. Does the spec mandate
> that a user
> MUST login to the OP using the OpenId URL/user that was entered on
> the RP?
> This has bearing on whether C or D (or E) is preferable in my mind.
There was some discussion on this, and the spec says the identifier
in the response does NOT need to be the same as the identifier in the
request.
More information about the user-experience
mailing list