On 02/04/2008, Paul E. Jones <[EMAIL PROTECTED]> wrote:
> Brad,
>
> Your point about DNS limitations is valid. Then again, anybody who will be
> offering the open identity server is likely going to have control over their
> DNS. Still, I'm not opposed to alternatives.
>
> But, since you brought up the fact that one can enter yahoo.com and get
> redirected, I checked and, indeed, several OpenID sites already accept the
> e-mail ID as a form of identification—and I can get redirected to either
> Yahoo or MyOpenID.com. So, do some of the libraries already check for
> e-mail address forms? It seems that perhaps they do!
What you are seeing is probably not what you expect:
>>> from openid.consumer.discover import discover
>>> claimed_id, services = discover('[EMAIL PROTECTED]')
>>> for service in services:
... print 'Local ID:', service.getLocalID()
... print 'Server URL:', service.server_url
...
Local ID: None
Server URL: https://open.login.yahooapis.com/openid/op/auth
>>> claimed_id
'http://www.yahoo.com/'
What is happening is that "[EMAIL PROTECTED]" is being treated as
"http://[EMAIL PROTECTED]/". As "http://yahoo.com"; results in an
identifier select endpoint that will work for any Yahoo user.
Note that the HTTP username isn't being used for anything here, and
you'll get the same result by just entering "yahoo.com". I wonder if
the Yahoo guys had considered this, or if it is just a happy accident?
James.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
