If we assume web finger will be used to advertise the user's OpenID provider, it would appear in the XRD document. So, a Relaying Party might query google.com and get an XRD document for me that points to yahoo.com for
Which is all well and fine if you trust google.com; standard complications, such as trust issues and MultiAuth and the nonfeasibility of having users remember their cosignature fingerprints, apply.
I'm still not clear on what you are suggesting. That's not to mean you don't have an interesting idea, but I do not understand the proposal and how it would be better than using data inside XRD documents.
I'm not addressing that part, though I'm agnostic about whether the query returns an XRD document or a GET string. I'm thinking more along the lines of joint ownership as multiple sponsors; i.e., a blogger accepts offers from Google *and* Yahoo (not to declare exclusive loyalty to either interest) for, if not advertising rights, perhaps just the Identity group each has formed to try leveraging OpenID (like Microsoft recognizes experts with MVPS - and offers them webhosting at mvps.org), assuming they ever do start something like that.
Or a particular website/community might be started as a joint venture between otherwise competing companies, but point back to some combination of those company's sites for OpenID instead of handling the hosting itself. Which is basic delegation; I think what I'm seeing here is more of a particular use-case to try bridging between the walled gardens, than any new application of the proposed technology.
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
