ken.horn at clara.co.uk
Tue May 24 10:44:30 PDT 2005
Martin Atkins wrote:
> I covered that in the following paragraph which you snipped! The
> Consumer eventually needs to request the public key at the same URL,
> so Apache would need some way to distinguish between the auth request
> and the key request.
Is the key request defined at all?
If not, should this be an additional link on the user's blog, in
addition to openid.server? If not, do we need a relative link to the
existing server one? I think it sounds (to my non-crypto head) like the
key should be taken from the id server, but in practice could it be
taken from aliceblog.com? Just thinking that the id server will most
likely be a provider that alice is choosing to trust to hold the
keypair, but alice most likely will only be able to "publish" via her blog.
Just thinking aloud...
More information about the yadis