On 02/02/2008, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
> Yes, I also wonder why the IDP can't just return the ID. As of now I think 
> it's
> two steps for this, with the RP explicit requesting it? Or am I wrong with 
> that?

When used in directed identity mode, the OP can pick the identity:

    
http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication

Of course, the OP is restricted to returning identities that it is
authoritative for.  This is what allows any yahoo user to enter
"yahoo.com" as their OpenID identifier while still letting RPs tell
them apart.

My point was that in cases where you do want to limit things to a
single OP, it is worth considering this mode, since it does not
require the user to enter any credentials (username or password) at
the RP site.

James.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to