Hello,
I am new to this group and OpenID in general so apologies if I repeat
questions already asked here before. I did try to read a few months of
backlog to catchup.
I've spent the past 10 days implementing OpenID support for session
authentication. I am currently working on an OpenId
I am not sure if this belongs in the spec list, but I'll give it a try.
I would like to suggest adding some text to section 11.1 (or anywhere else
that's appropriate) that will provide guidelines for using OpenID in a
scenario where the OpenID RP is not the site the user is actually using. The
You should probably check out OAuth:
http://groups.google.com/group/oauth, and its draft spec
http://openauth.googlegroups.com/web/OAuth%201.0%20-%20Draft.rtf?gda=s1UWzkYySf4xbkOgHBZma37zlp9GzEEF__EUK3CcB8RrKx_-nmG1qiJ7UbTIup-M2XPURDT_25fdK7wDxUtwqL26wW_WahD8rT1PnKl_iYB0spTcFQ.
Eran