Ya, you're free to do RP verification before or after authentication. In fact some major OPs like Yahoo cache the results for 1 hour and thus don't actually perform RP verification most times at all (if it's in their cache)
On Friday, January 15, 2010, Hubert Le Van Gong <[email protected]> wrote: > Greetings, > Is it correct to say the spec (2.0) does not mandate a specific momentin the > protocol at which the RP/realm validation should occur?For instance, the OP > could first authenticate the user and thenperform RP verification or it could > do that validation before authenticatingthe user. Although the latter seems > more intuitive (and efficient) would bothbe compliant? > Cheers,Hubert > > > --Hubert A. Le Van GongIdentity ArchitectSun microsystems, Inc. > > 17 Rue DupreyGrenoble, 38000France > --------------------------------------------------email: [email protected]:+33 > 4 7663 0935blog: http://blog.levangong.com/ > N 45 11.900'W 005 44.145'Elev. 736 ft. > > -- -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
