Greetings,
Is it correct to say the spec (2.0) does not mandate a specific moment
in the protocol at which the RP/realm validation should occur?
For instance, the OP could first authenticate the user and then
perform RP verification or it could do that validation before
authenticating
the user. Although the latter seems more intuitive (and efficient)
would both
be compliant?
Cheers,
Hubert
--
Hubert A. Le Van Gong
Identity Architect
Sun microsystems, Inc.
17 Rue Duprey
Grenoble, 38000
France
--------------------------------------------------
email: [email protected]
tel:+33 4 7663 0935
blog: http://blog.levangong.com/
N 45 11.900'
W 005 44.145'
Elev. 736 ft.
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
