PROPOSAL: RP identifier

2006-10-18 Thread Dick Hardt
Motivating use cases: 1) The IdP would like to remember what the user has said a given RP can and can't do. The IdP needs a unique identifier for the RP. openid.realm is a wild card that could match multiple RPs. openid.return_to is a URL that has no guarantee of being used again by the sa

Re: PROPOSAL: RP identifier

2006-10-18 Thread Dick Hardt
btw: this came up as we were working to implement an IdP ... so it is a real requirement, happy to learn how others dealt with this and if there is a different way to resolve On 18-Oct-06, at 12:06 AM, Dick Hardt wrote: > Motivating use cases: > > 1) The IdP would like to remember what the us

Re: PROPOSAL: RP identifier

2006-10-18 Thread Mike Glover
I'm having trouble envisioning a situation where realm is an insufficient key for authentication purposes. If this isn't for authentication purposes, it absolutely needs to live in an extension. IMO. -mike On Wed, 18 Oct 2006 00:06:42 -0700 Dick Hardt <[EMAIL PROTECTED]> wrote: > Motivati

Re: PROPOSAL: RP identifier

2006-10-19 Thread Martin Atkins
Dick Hardt wrote: > > The IdP needs a unique identifier for the RP. > openid.realm is a wild card that could match multiple RPs. This was by design. An RP that is exposing multiple "RP endpoints" within the same realm is explicitly saying that it needs/wants them all to be treated the same.

Re: PROPOSAL: RP identifier

2006-10-19 Thread Dick Hardt
On 19-Oct-06, at 12:29 AM, Martin Atkins wrote: > Dick Hardt wrote: >> >> The IdP needs a unique identifier for the RP. >> openid.realm is a wild card that could match multiple RPs. > > This was by design. An RP that is exposing multiple "RP endpoints" > within the same realm is explicitly saying

Re: PROPOSAL: RP identifier

2006-10-19 Thread Martin Atkins
Dick Hardt wrote: > > Agreed that it is desirable to have multiple RP endpoints for an RP. > Does openid.realm then uniquely identify an RP? ie. no other RP will > use the same Realm? > I'd say that if two endpoints are within the same realm that they are by definition part of the same RP.

Re: PROPOSAL: RP identifier

2006-10-22 Thread Dick Hardt
On 19-Oct-06, at 10:24 AM, Martin Atkins wrote: > Dick Hardt wrote: >> >> Agreed that it is desirable to have multiple RP endpoints for an RP. >> Does openid.realm then uniquely identify an RP? ie. no other RP will >> use the same Realm? >> > > I'd say that if two endpoints are within the same re

Re: PROPOSAL: RP identifier

2006-10-22 Thread Martin Atkins
Dick Hardt wrote: > > The issue here is that realm is an overloaded parameter. It is being > presented to the user for the user to decide if it wants the IdP to > provide similar results to any RP return_to that matches the > wildcard. It is also being used by the IdP to uniquely identify the

Re: PROPOSAL: RP identifier

2006-10-22 Thread Dick Hardt
On 22-Oct-06, at 10:44 AM, Martin Atkins wrote: > Dick Hardt wrote: >> >> The issue here is that realm is an overloaded parameter. It is being >> presented to the user for the user to decide if it wants the IdP to >> provide similar results to any RP return_to that matches the >> wildcard. It is a

Re: PROPOSAL: RP identifier

2006-10-22 Thread Dick Hardt
On 22-Oct-06, at 12:55 PM, Recordon, David wrote: > In the case where there are two realms: > http://*.livejournal.com > http://dick.livejournal.com > > I would have my IdP treat them as separate relying parties. If the RP > directly decided to set the realm differently, then I'd imagine the > a

RE: PROPOSAL: RP identifier

2006-10-22 Thread Recordon, David
David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt Sent: Sunday, October 22, 2006 3:51 PM To: Martin Atkins Cc: specs@openid.net Subject: Re: PROPOSAL: RP identifier On 22-Oct-06, at 10:44 AM, Martin Atkins wrote: > Dick Hardt wrote: >>