S. Alexander Jacobson
alex at alexjacobson.com
Fri Jan 6 19:17:51 UTC 2006
I apologize in advance if this is a FAQ, but I just read finally took
the time to read through the OpenId spec more carefully and it seems
overly complex for what it is trying to accomplish. Why not get rid
of all the complex message formats and non-opaque URLs and do
something like this:
1. Consumer recieves openid_url 
2. Consumer retreives openid.server for this openid_url 
3. Consumer establishes is_user URL with server and gets back redirect URL
4. Consumer redirects UA to redirect URL.
5. Consumer trusts user has openId if it receives a
 Need some way to handle whether this GET is against http or https
and, if the later, what CAs are recognized by both user and consumer.
 OpenId sample documentation on openid.net don't close the link
tag, but, perhaps, should.
S. Alexander Jacobson tel:917-770-6565 http://alexjacobson.com
More information about the yadis