On Wed, May 14, 2008 at 11:20 AM, Martin Atkins [EMAIL PROTECTED] wrote:
* The RP, when verifying that the openid.claimed_id URL in the
assertion is valid, checks only that the openid2.provider value is
correct, and doesn't check that the openid2.local_id value matches
(after removing the
Arrgh! I'm horrible with names. See below for corrected text.
On Wed, May 21, 2008 at 4:03 PM, John Ehn [EMAIL PROTECTED] wrote:
Josh,
I'm tending to agree with Martin on this one. I guess that statement does,
in a roundabout way, implies the Relying Party should do the following:
* Run
On Wed, May 21, 2008 at 1:03 PM, John Ehn [EMAIL PROTECTED] wrote:
I'm tending to agree with Martin on this one. I guess that statement does,
in a roundabout way, implies the Relying Party should do the following:
This is probably because I'm so familiar with the protocol and the
spec, but I'm