See section 11.4.2. Verifying Directly with the OpenID Provider.
or encode your state in a signed cookie or the return_to URL or somesuch.
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
On Fri, 2008-03-21 at 09:38 -0700, Will Norris wrote:
Regardless of what specific spec addition we're talking about, I don't
think the technical difficulty to implement it should ever be a
determining factor in weighing the merit of the proposal.
I disagree here. We don't write specs just so
On Wed, 2008-03-19 at 23:54 +0900, James Henstridge wrote:
The fact that some sites incorrectly resolved the redirect to
/about/ is probably due to the non-standard response headers for
http://bytesexual.org/ -- it contains a relative URI reference in the
location header, while the spec
On Mon, 2008-03-10 at 11:27 +0100, Oliver Welter wrote:
1) Is an individual session dedicated to an Identifier/OP Combo, or is a
secret/session used for different Identifiers which are served by the
same OP?
Associations are for a pair of (RP, OP), usable for any communication
between them
On Fri, 2007-10-19 at 16:12 -0700, Johannes Ernst wrote:
[...] and after they had produced a spec, Rambus said but we have
some patents. This lead to at least one lawsuit I believe.
I have heard wildly diverging assessments on whether or not this
could happen here.
Ok, I'm looking for the
On Fri, 2007-10-19 at 10:02 -0700, Paul C. Bryan wrote:
On Thu, 2007-10-18 at 19:13 -0700, Dick Hardt wrote:
I don't see why the two processes need to be any more dependant on
each other then they are already.
With all due respect, why take the risk that there are intellectual
On Fri, 2007-05-18 at 22:21 +0200, Boris Erdmann wrote:
http://openid.net/specs/openid-authentication-2_0-11.html#anchor34
Should the document be placed under
http://relyingparty.com/ or http://relyingparty.com/return_to_url?
or does it have to be link rel'ed in every page?
For the proposed
Sorry it took me a few months to notice this, but xri://$dns? No. I'm
referring here to spec rev 274, the diff for which is attached. Can we
roll that patch back, please?
I'm not even sure where you're getting an XRI Syntax 2.1 reference from,
there's not so much as a working draft of it
On Tue, 2006-10-17 at 13:29 +1000, Chris Drake wrote:
Now - how comfortable are you with
the idea of letting 1.5 billion Chinese people use OpenID
Ideally we'd have the input of the SocialBrain Foundation on that.
Those are the folks who put together OpenID.cn. Has anyone on this list
talked
On Fri, 2006-10-06 at 13:26 +1000, Chris Drake wrote:
Is my understanding accurate: OpenID is unable to support single sign
on. If not - lets assume it's 9am. I just signed on. I can visit
RP#1 then RP#2 then RP#3 and go back and forth all day without
hindrance, until I next sign off - yes?
From http://www.lifewiki.net/openid/SeparateIdentifierFromIdPToken
(change #3):
Impact on XRI-based auth:
An XRI is, for this purpose, a URI that can be resolved into a URL at
which we can do Yadis discovery. Once Yadis discovery begins, flow
continues as in the original proposal, where
On Fri, 2006-10-06 at 16:34 -0700, Drummond Reed wrote:
Let me play the dumb customer here and say:
* A whole lot of real-world users would love OpenID-enabled bookmarks.
* A whole lot of websites would love to offer them.
* A whole lot of IdPs would love to provide them.
Okay Customer, if
On Sun, 2006-10-01 at 13:08 -0700, Recordon, David wrote:
It could be augmented to also contain a response parameter telling the
RP if the IdP acknowledged it, then the RP could make the decision if
it wants to proceed.
You will want that response parameter. Otherwise, couldn't I (as the
Re-writing all your applications every time a new technology pops up is
not a very efficient use of resources. New technologies that can
leverage an existing install base will likely fare better than those
that demand a completely clean slate. So I won't argue that existing
applications are
14 matches
Mail list logo