Wayne Pierce wrote:
> When I update my information at a new OP how about some way to tell
> the RP it is the most authoritative. Not sure if this should be taken
> care of at the application or protocol level, I'd like to see it in
> the protocol though. The big concern I see with this is that anyone
> could set up an OP and claim to be the most authoritative source of
> information.

I agree completely. Currently, if my OP turns rogue or otherwise fails to serve me, I'm left with no recourse. A bullet-proof way of dealing with this would be with digital signatures, though I sense some aversion to PKI in the OpenID community.

> The OP could tell the user if there was a failure. This way the user
> can notify the RP or at least be aware of the problem. Not perfect,
> but it could be treated just like a bounced email or DNS update
> failure.

Yes, this is probably how it will be handled and it will work. I just think there will be corner cases where the user is not able to 'change course' in time. And handling corner cases sets excellent technology apart from very good technology - but it will work.

Regards,
Anders Feder

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs