Multiple values for one key in requests/responses
Hi,

After reading the new draft specifications, I can't find a way to send multiple values with same key on a message. I started to think about this when I thought that it should be possible for the RP to tell the OP that multiple assoc_types are ok (and vice versa, if more hash functions are included in the future). Now even if the RP does support multiple algorithms, you can only choose one.

Am I missing something, or is this a design choice? If so, could you point me to the reasoning (I've followed only the 2007 discussions regarding the new spec)?

--
Tomi Pieviläinen, +358 400 487 504
"I will sit down now, but the time will come when you will hear me."
- Benjamin Disraeli, 1st Earl of Beaconsfield

___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: [OpenID] OpenId & Yadis Question
David Fuelling wrote:
> I'm wondering if the following is a correct interpretation of how OpenId 2.0
> uses Yadis. Any clarifications are appreciated.
>
> 1.) User navigates to an RP, and enters a Claimed Identifier (e.g.,
> http://sappenin.gmail.com).
>
> 2.) A Yadis doc is returned as follows:
>
> http://specs.openid.net/auth/2.0/server
> https://sappenin.com/
>
> Specifically:
>
> A.) Is this the proper way to do delegation? Above, gmail.com is delegating
> to sappenin.com.

What you've given above isn't delegation, because no delegate identifier is given. I guess you wanted https://sappenin.com/ to be your identifier, in which case it would go in the element, with your provider's endpoint URL in . Also, the Type here should be http://specs.openid.net/auth/2.0/signon.

You can also do it with LINK elements in an HTML document, as with OpenID 1 (though the "rel" values have changed a little).

> B.) If a client gets the Yadis doc above (after navigating to gmail.com),
> MUST they (or SHOULD they) navigate to sappenin.com and try to perform
> discovery again? If so, how many delegates are allowed? Not specified?

Delegation isn't recursive. When given the above (corrected, of course), the site will try to verify https://sappenin.com/ against the given server immediately. Discovery is never performed on the LocalID in this case.

This means that the nominated provider *must* be able to recognise the LocalID given.

Re: OpenId & Yadis Question
On 25-Feb-07, at 3:35 PM, David Fuelling wrote:
> 1.) User navigates to an RP, and enters a Claimed Identifier (e.g.,
> http://sappenin.gmail.com).
>
> 2.) A Yadis doc is returned as follows:
>
> http://specs.openid.net/auth/2.0/server
> https://sappenin.com/
>
> A.) Is this the proper way to do delegation? Above, gmail.com is
> delegating to sappenin.com.

No; in this way you just declare that the OpenID server for http://sapenin.gmail.com is http://sapenin.com/. Also, if the RP uses this service element, it will send an "identifier_select" OpenID auth request.

> B.) If a client gets the Yadis doc above (after navigating to
> gmail.com), MUST they (or SHOULD they) navigate to sappenin.com and
> try to perform discovery again? If so, how many delegates are allowed?
> Not specified?

Only one level of delegation. Performing discovery on a URI in a service element is not part of the yadis spec.

Johnny

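Added example, not part of either reply above and not code from the OpenID project: a sketch of how an RP could map a discovered XRDS document to auth-request parameters, covering both points made in the replies (a "server" Type leads to an identifier_select request; a "signon" Type with a LocalID is one-level delegation with no second discovery). The element names Service, Type, URI and LocalID and the XRD namespace are taken from the OpenID 2.0 / XRDS specifications because the tags did not survive in the thread; `select_service`, the placeholder endpoint https://op.example/endpoint and the one-service-per-Type input are assumptions.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"
TYPE_SERVER = "http://specs.openid.net/auth/2.0/server"  # OP Identifier element
TYPE_SIGNON = "http://specs.openid.net/auth/2.0/signon"  # Claimed Identifier element
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

# Constructed sample: the corrected document discussed in the thread.
# https://op.example/endpoint is a placeholder, not a value from the thread.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example/endpoint</URI>
      <LocalID>https://sappenin.com/</LocalID>
    </Service>
  </XRD>
</xrds:XRDS>"""


def _texts(elem, name):
    """Stripped text of every <name> element (XRD namespace) under elem."""
    return [e.text.strip() for e in elem.iter(f"{{{XRD_NS}}}{name}") if e.text]


def select_service(xrds_text, claimed_id):
    """Map one discovered XRDS document to the RP's auth-request parameters."""
    # Discovery documents are untrusted input: cap the size before parsing.
    if len(xrds_text) > 64 * 1024:
        raise ValueError("XRDS document too large")
    root = ET.fromstring(xrds_text)
    by_type = {}
    for svc in root.iter(f"{{{XRD_NS}}}Service"):
        uris = _texts(svc, "URI")
        if not uris:
            continue  # a service without an endpoint cannot be used
        for t in _texts(svc, "Type"):
            by_type.setdefault(t, (uris[0], _texts(svc, "LocalID")))
    if TYPE_SERVER in by_type:  # OP Identifier: the user picks the identity at the OP
        endpoint, _ = by_type[TYPE_SERVER]
        return {"endpoint": endpoint, "claimed_id": IDENTIFIER_SELECT,
                "identity": IDENTIFIER_SELECT}
    if TYPE_SIGNON in by_type:
        endpoint, local_ids = by_type[TYPE_SIGNON]
        # One level only: LocalID is sent to the OP as-is, never rediscovered.
        return {"endpoint": endpoint, "claimed_id": claimed_id,
                "identity": local_ids[0] if local_ids else claimed_id}
    raise ValueError("no OpenID 2.0 service element found")
```
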
OpenId & Yadis Question
I'm wondering if the following is a correct interpretation of how OpenId 2.0 uses Yadis. Any clarifications are appreciated.

1.) User navigates to an RP, and enters a Claimed Identifier (e.g., http://sappenin.gmail.com).

2.) A Yadis doc is returned as follows:

http://specs.openid.net/auth/2.0/server
https://sappenin.com/

Specifically:

A.) Is this the proper way to do delegation? Above, gmail.com is delegating to sappenin.com.

B.) If a client gets the Yadis doc above (after navigating to gmail.com), MUST they (or SHOULD they) navigate to sappenin.com and try to perform discovery again? If so, how many delegates are allowed? Not specified?

Thanks!

David