Ken Horn ken.horn at
Tue May 24 10:44:30 PDT 2005

Martin Atkins wrote:

> I covered that in the following paragraph which you snipped! The 
> Consumer eventually needs to request the public key at the same URL, 
> so Apache would need some way to distinguish between the auth request 
> and the key request.

Is the key request defined at all?
If not, should this be an additional link on the user's blog, in 
addition to openid.server? If not, do we need a relative link to the 
existing server one? I think it sounds (to my non-crypto head) like the 
key should be taken from the id server, but in practice could it be 
taken from Just thinking that the id server will most 
likely be a provider that alice is choosing to trust to hold the 
keypair, but alice most likely will only be able to "publish" via her blog.

Just thinking aloud...


More information about the yadis mailing list