On 02/04/2008, Paul E. Jones <[EMAIL PROTECTED]> wrote:
> Brad,
> Your point about DNS limitations is valid.  Then again, anybody who will be
> offering the open identity server is likely going to have control over their
> DNS.  Still, I'm not opposed to alternatives.
> But, since you brought up the fact that one can enter yahoo.com and get
> redirected, I checked and, indeed, several OpenID sites already accept the
> e-mail ID as a form of identification—and I can get redirected to either
> Yahoo or MyOpenID.com.  So, do some of the libraries already check for
> e-mail address forms?  It seems that perhaps they do!

What you are seeing is probably not what you expect:

>>> from openid.consumer.discover import discover
>>> claimed_id, services = discover('[EMAIL PROTECTED]')
>>> for service in services:
...     print 'Local ID:', service.getLocalID()
...     print 'Server URL:', service.server_url
Local ID: None
Server URL: https://open.login.yahooapis.com/openid/op/auth
>>> claimed_id

What is happening is that "[EMAIL PROTECTED]" is being treated as
"http://[EMAIL PROTECTED]/".  As "http://yahoo.com"; results in an
identifier select endpoint that will work for any Yahoo user.

Note that the HTTP username isn't being used for anything here, and
you'll get the same result by just entering "yahoo.com".  I wonder if
the Yahoo guys had considered this, or if it is just a happy accident?

specs mailing list

Reply via email to