On Sun, Nov 15, 2009 at 11:31 AM, "Martin v. Löwis" <mar...@v.loewis.de> wrote:
>
> > Well, when I login my registered ID is www.voidspace.org.uk and *not*
> > fuzzyman.myopenid.com - so I believe you are incorrect (and in fact this
> > very point was touted as one of the advantages of openid - that your
> > account is independent of your provider and that you *can* change
> > provider whilst retaining the same id).
>
> On the wire (between relying party and provider), voidspace.org.co.uk
> never appears. From the OpenID 1.1 specification:
>
> # Now, when a Consumer sees that, it'll talk to
> # http://www.livejournal.com/openid/server.bml and ask if the End User
> # is exampleuser.livejournal.com, never mentioning www.example.com
> # anywhere on the wire.
>
> So all I (as a relying party) get verified is fuzzyman.myopenid.com.
> Why should I trust that voidspace.org.uk is actually a valid ID?

Since the user entered voidspace.org.uk, they presumably believe it's an
address they control. You have to assume they delegated to another
provider on purpose.

> Can't you then produce hundreds of IDs, all delegating to the same
> identity?

Yes.

> IOW, why should I (as a relying party) pay any attention to the ID
> that you entered, rather than to what I get actually validated?

Because the user entered the value they wanted as their identity. This
is the reason delegation even exists in the spec. In fact, the very next
line after the section you quoted is:

# The main advantage of this is that an End User can keep their Identifier
# over many years, even as services come and go; they'll just keep
# changing who they delegate to.

If the provider dictates the identity, as you keep insisting, that
sentence makes no sense whatsoever. The value entered as the identifier
is the identifier you should use. Otherwise, what's the point of
delegation at all?

> Regards,
> Martin
> _______________________________________________
> Python-Dev mailing list
> Python-Dev@python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> http://mail.python.org/mailman/options/python-dev/carey.tilden%40gmail.com
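
The delegation flow discussed in this message, as an added example that is not part of the original post or of any project's code: a relying party reads the `openid.server` and `openid.delegate` links from the URL the user entered, asks the provider about the delegate, and keys the account on the entered URL only if the verified identity matches the delegate discovered in the same login attempt. The helper names, the sample page and its server URL are constructed assumptions, and signature verification is assumed to happen elsewhere.

```python
from html.parser import HTMLParser

# Constructed sample of a delegating page served at the user's own URL.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="http://www.myopenid.com/server">
<link rel="openid.delegate" href="http://fuzzyman.myopenid.com/">
</head><body>home page</body></html>"""


class _OpenIDLinks(HTMLParser):
    """Collect the first openid.server / openid.delegate <link> hrefs."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        for rel in (attr.get("rel") or "").lower().split():
            if rel in ("openid.server", "openid.delegate") and attr.get("href"):
                self.links.setdefault(rel, attr["href"])


def discover(claimed_id, html):
    """Hypothetical helper: what to ask the provider about, and what to keep."""
    parser = _OpenIDLinks()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link at %s" % claimed_id)
    # Without a delegate link, the entered URL is itself what the provider verifies.
    identity = parser.links.get("openid.delegate", claimed_id)
    return {"claimed_id": claimed_id, "server": server, "identity": identity}


def account_key(disc, response, signature_ok):
    """Return the identifier to key the local account on, or None to reject."""
    if not signature_ok:  # assumption: signature over the response checked elsewhere
        return None
    if response.get("openid.mode") != "id_res":
        return None
    # The provider only ever vouches for the delegate; it must be the one
    # discovered from this claimed_id in this login attempt.
    if response.get("openid.identity") != disc["identity"]:
        return None
    return disc["claimed_id"]
```

The binding between the entered URL and the verified delegate comes entirely from the relying party's own fetch of that URL, so the discovery result has to be held in the login session and compared against the response rather than taken from it.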