On 02/02/2008, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
> Yes, I also wonder why the IDP can't just return the ID. As of now I think
> it's two steps for this, with the RP explicitly requesting it? Or am I wrong
> with that?

When used in directed identity mode, the OP can pick the identity:

http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication

Of course, the OP is restricted to returning identities that it is authoritative for. This is what allows any yahoo user to enter "yahoo.com" as their OpenID identifier while still letting RPs tell them apart.

My point was that in cases where you do want to limit things to a single OP, it is worth considering this mode, since it does not require the user to enter any credentials (username or password) at the RP site.

James.
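
An added example, not part of the original message or of any OpenID library: an RP-side sketch of directed identity restricted to a single OP, showing the identifier_select request and the check that the OP is authoritative for the identity it returns. The function names, the `discover` callback and all example.* URLs are assumptions; signature, nonce and return_to verification are assumed to happen elsewhere.

```python
from urllib.parse import urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"


def directed_identity_request(op_endpoint, return_to, realm):
    """Build the checkid_setup redirect; the RP names no user, the OP picks one."""
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if "?" in op_endpoint else "?"
    return op_endpoint + sep + urlencode(params)


def accept_directed_assertion(response, expected_op, discover):
    """Return the claimed_id if expected_op is authoritative for it, else None.

    discover(url) is a hypothetical callback returning the set of OP endpoint
    URLs found by running OpenID discovery on the claimed identifier.
    """
    if response.get("openid.ns") != OPENID2_NS:
        return None
    if response.get("openid.mode") != "id_res":
        return None
    claimed = response.get("openid.claimed_id", "")
    endpoint = response.get("openid.op_endpoint")
    if not claimed or claimed == IDENTIFIER_SELECT:
        return None  # the OP never chose an identity
    if endpoint != expected_op:
        return None  # the RP limits logins to one OP
    # The RP did not discover this identifier before the request, so it must
    # do so now; discovery runs on the URL without its fragment.
    if endpoint not in discover(claimed.split("#")[0]):
        return None  # OP is not authoritative for the identity it returned
    return claimed


# Constructed discovery results standing in for real Yadis/HTML discovery.
DISCOVERED = {
    "https://op.example/user/alice": {"https://op.example/auth"},
    "https://other.example/bob": {"https://other.example/auth"},
}


def lookup(claimed_id):
    return DISCOVERED.get(claimed_id, set())
```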