On 10/10/06, Dick Hardt <[EMAIL PROTECTED]> wrote: > My proposal was pretty much your proposal with a couple tweaks > (sorry, I should have listed these to make it clearer)
> - the IdP can return a different identity then the one the RP sent over I question whether this is something we want to encourage. I think it's a separate issue from the delegation mechanism. If the user wants to choose an identifier, he'll use IdP-driven selection instead of entering an identifier. I don't feel strongly about this, but I do feel strongly that this should be decoupled from the delegation discussion. > - since the delegate is only used by the IdP, the spec can be > simplified (in fact, this can be out of band of the spec since it is > a protocol between the user and the IdP, the RP is not involved) This was exactly my original proposal: "A request for a delegated identifier and a request for a non-delegated identifier would be the same for the relying party, and the final, verified identifier would always be included in the request/response." Josh _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs