I'm not sure if it would necessarily be thrown away, I guess it is
really up to the IdP. With two identifiers, it is pretty easy to pass
to the IdP and let it decide what it wants to do.
1) I enter [EMAIL PROTECTED] as my identifier on the RP
2) RP does discovery on recordon.name and finds my
Hey Adam,
Thanks for the insight! I know, as Dick described, there was a design
decision made in terms of enabling payloads larger than 2Kb within
OpenID Authentication requests and responses. With that said, there are
other approaches, such as using GET requests and including a token to
Solution 1 seems like the most simple. openid2 is a bit ugly, but
does resolve the problem. Otherwise we'd have to do something like
Yadis discovery against the server endpoint which would make things more
complicated and meta.
--David
-Original Message-
From: [EMAIL PROTECTED]
The problem with that proposal is that the maintenance of the HTML
file and the maintenance of the server version is performed by
different people, and that means it is impossible that they are
consistent ;-)
What about adding a version parameter to each response from the
endpoint?
On
