22 Jul 16:03
Re: [OpenID] choosing endpoint after performing discovery on claimed_id from response
From: James Tindall <james <at> atomless.com>
Subject: Re: [OpenID] choosing endpoint after performing discovery on claimed_id from response
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-22 14:03:29 GMT
Subject: Re: [OpenID] choosing endpoint after performing discovery on claimed_id from response
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-22 14:03:29 GMT
Ah, to answer my own (silly?) question - If running in stateless mode then association would not have been even attempted - so the RP should be fairly confident that the endpoint to choose is the first in the priority list? James Tindall wrote: > Suppose a relying party is operating under stateless mode. Suppose also > that the discovery phase for the given claimed_id returned more than one > endpoint. Then suppose that association attempts failed on at least one > of the endpoints but then succeeded on one of the other endpoints > further down the priority order. Then upon receiving the authentication > (id_res) response from the chosen OP the RP must perform discovery on > the claimed_id contained in the response in order to be able to verify > the response data against discovered data. But then if, as is probable, > the discovery phase again returns more than one endpoint, how is the RP > to choose which one to verify the response data against? > > =james.tindall > > > _______________________________________________ > general mailing list > general <at> openid.net > http://openid.net/mailman/listinfo/general > >
RSS Feed