Question: Yadis Service URIs in the OpenID Auth case
Kevin Turner
kevin at janrain.com
Thu Aug 24 19:04:10 UTC 2006
On Wed, 2006-08-23 at 17:54 -0700, Johannes Ernst wrote:
> Am I correct that it would be false to assume that:
> - the two service URIs reside on the same server;
> - are maintained by the same organization;
> - use the same negotiated D-H secret (aka I negotiate with one
> service URI, but successfully use it with the other), even if they
> are very similar URIs.
I think you are correct; none of those are 100% safe assumptions to
make. Some of those might be sane conventions to establish, i.e.
"everything under a single Service tag is maintained by one provider,"
but I don't think we can count on that. And even if you could count on
that one, the other two wouldn't necessarily follow.
More information about the yadis
mailing list