22 Jul 16:47
Re: [OpenID] choosing endpoint after performing discovery on claimed_id from response
From: James Tindall <james <at> atomless.com>
Subject: Re: [OpenID] choosing endpoint after performing discovery on claimed_id from response
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-22 14:47:08 GMT
Thanks Greg, I think you're right - but it's possible that more than one endpoint in the xrds has the same op_endpoint as that supplied in the response - so it would be necessary to also compare other fields to select the best matching endpoint. This is making OpenID kind of a protracted process.

=james.tindall

Greg Byrd wrote:
> (1) Section 11.2 says that RP must perform discovery "[i]f the Claimed
> Identifier was not previously discovered." So I think you don't need
> to do that second discovery step in your email. But you said
> stateless mode, so maybe you don't remember that you discovered the ID
> in the first place, so...
>
> (2) The op_endpoint field is returned in id_res, so the verification
> should just check whether any of the OPs returned from discovery match
> the supplied op_endpoint.
>
> ...Greg
>
>
> James Tindall wrote:
>> Suppose a relying party is operating under stateless mode. Suppose
>> also that the discovery phase for the given claimed_id returned more
>> than one endpoint. Then suppose that association attempts failed on
>> at least one of the endpoints but then succeeded on one of the other
>> endpoints further down the priority order. Then upon receiving the
>> authentication (id_res) response from the chosen OP the RP must
>> perform discovery on the claimed_id contained in the response in
>> order to be able to verify the response data against discovered data.
>> But then if, as is probable, the discovery phase again returns more
>> than one endpoint, how is the RP to choose which one to verify the
>> response data against?
>>
>> =james.tindall
>>
>>
>> _______________________________________________
>> general mailing list
>> general <at> openid.net
>> http://openid.net/mailman/listinfo/general
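
The matching step discussed in this thread, as an added example that is not part of the original messages: a stateless RP compares the id_res fields against every endpoint from the repeated discovery and accepts only if one endpoint agrees on op_endpoint, claimed_id and identity together. The `Endpoint` type, the function name and all URLs are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urldefrag

@dataclass(frozen=True)
class Endpoint:              # one service element from the XRDS (hypothetical type)
    claimed_id: str          # identifier that discovery was run on
    op_endpoint: str
    local_id: Optional[str]  # OP-Local Identifier, None if the XRDS gave none
    priority: int

def match_assertion(resp: dict, discovered: list) -> Optional[Endpoint]:
    """Return the discovered endpoint agreeing with every id_res field, else None."""
    if resp.get("openid.mode") != "id_res":
        return None
    # Assumption: a fragment on the returned claimed_id is ignored when matching.
    claimed = urldefrag(resp.get("openid.claimed_id", "")).url
    for ep in sorted(discovered, key=lambda e: e.priority):
        # Without a local identifier, the identity must equal the claimed_id.
        identity = ep.local_id or ep.claimed_id
        if (ep.op_endpoint == resp.get("openid.op_endpoint")
                and ep.claimed_id == claimed
                and identity == resp.get("openid.identity")):
            return ep
    return None  # nothing discovered backs this assertion: reject it

# Constructed sample: two XRDS entries share one op_endpoint, as James describes.
CLAIMED = "https://example.org/james"
DISCOVERED = [
    Endpoint(CLAIMED, "https://op-a.example/auth", None, 0),
    Endpoint(CLAIMED, "https://op-b.example/auth", "https://op-b.example/u/jt", 10),
    Endpoint(CLAIMED, "https://op-b.example/auth", "https://op-b.example/u/james", 20),
]
RESPONSE = {
    "openid.mode": "id_res",
    "openid.claimed_id": CLAIMED,
    "openid.identity": "https://op-b.example/u/james",
    "openid.op_endpoint": "https://op-b.example/auth",
}

if __name__ == "__main__":
    print(match_assertion(RESPONSE, DISCOVERED))   # the priority-20 entry
    other = dict(RESPONSE, **{"openid.op_endpoint": "https://other-op.example/auth"})
    print(match_assertion(other, DISCOVERED))      # None: endpoint was never discovered
```

This check only ties the assertion to discovered data; the response signature and nonce still have to be verified separately.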