Unless I'm misunderstanding, that will work with the OpenID Connect proposal.I have <https://davidrecordon.com/>https://davidrecordon.com/ and have signed up for Example Server which lets me specify a custom user identifier. LRDD on <http://davidrecordon.com>davidrecordon.com points to the token endpoint on <https://example-server.com/>https://example-server.com/. Example Server then issues <https://davidrecordon.com/>https://davidrecordon.com/ as the user identifier.
Then, reading "Example Server" as "http://example-server.com/";, it seems like an extra step of user-verification for the RP would be prudent: "Your unique URL is reported as the OP's, click OK to have this be your permanent associable identifier on the web, click Cancel if you wanted another."
Or the OP could have pre-associated, so the custom user identifier should be up-front when account linking is about to take place.
-Shade
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
