Dick Hardt wrote:
>
> The IdP needs a unique identifier for the RP.
> openid.realm is a wild card that could match multiple RPs.

This was by design. An RP that is exposing multiple "RP endpoints" within the same realm is explicitly saying that it needs/wants them all to be treated the same.

Part of this design is the ability for the RP to move the "RP endpoint" to a different URL without breaking all existing relationships, which is an important requirement in the real world where people often expose their underlying architecture in their URLs and then have to break the URLs when the architecture changes.

The realm (assuming that this is what used to be called trust_root) is what you should be using, and *allowing* that to match multiple RP endpoints is okay and desirable.

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
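
The realm matching discussed in this thread, as an added example that is not part of the original message or of any OpenID library: a check of a return_to URL against a realm, following the realm rules as later published in OpenID Authentication 2.0 (section 9.2). The function names, the sample realm and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _split(url):
    """Return (scheme, host, port, path) for an http(s) URL, else raise ValueError."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    if scheme not in DEFAULT_PORTS or not u.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return scheme, u.hostname.lower(), u.port or DEFAULT_PORTS[scheme], u.path or "/"

def realm_matches(realm, return_to):
    """True if return_to (an RP endpoint) falls inside realm."""
    if "#" in realm:
        return False  # a realm must not carry a fragment
    try:
        r_scheme, r_host, r_port, r_path = _split(realm)
        u_scheme, u_host, u_port, u_path = _split(return_to)
    except ValueError:
        return False
    # Scheme and port must be identical.
    if (r_scheme, r_port) != (u_scheme, u_port):
        return False
    if r_host.startswith("*."):
        suffix = r_host[2:]
        # Assumption of this example: compare on a label boundary, so that
        # "badexample.com" is not accepted for "*.example.com".
        if u_host != suffix and not u_host.endswith("." + suffix):
            return False
    elif u_host != r_host:
        return False
    # Path must be equal to, or a sub-directory of, the realm path.
    prefix = r_path if r_path.endswith("/") else r_path + "/"
    return u_path == r_path or u_path.startswith(prefix)

# Constructed sample data: one wildcard realm, several candidate RP endpoints.
REALM = "https://*.example.com/"
RETURN_TOS = [
    "https://www.example.com/openid/return",    # current RP endpoint
    "https://login.example.com/v2/return",      # endpoint moved, same realm
    "https://badexample.com/openid/return",     # different domain
    "http://www.example.com/openid/return",     # scheme differs
]

def check_all():
    """Map each sample return_to to whether it matches REALM."""
    return {url: realm_matches(REALM, url) for url in RETURN_TOS}

if __name__ == "__main__":
    for url, ok in check_all().items():
        print(f"{'match' if ok else 'reject':6} {url}")
```

An IdP that keys stored trust decisions on the realm string rather than on return_to keeps them valid when the RP endpoint moves, as in the second sample URL.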