Some questions from a "Newbie"
Lukas Leander Rosenstock
webmaster at lukasrosenstock.net
Wed Sep 14 02:02:49 PDT 2005
I've just found out about the OpenID project yesterday and I really like
it, just recently thought about something like this, too. It took me
some time to understand the specs but now I've got the point. In the
next weeks I will try to implement first a consumer and then a server as
an ISAPI-DLL in Borland Delphi (of course letting you know).
I have some questions about the specs, I hope they haven't been on the
list before (just scanned the archives quickly):
1) Why do you need openid.delegate? One could just tell his account on a
service, lets call it "openidserver.com", to accept "mydomain.com" as
login URL. Of course this is possible with the current specs but they
say this is discouraged. Is it for privacy reasons (not letting
"openidserver.com" know that I use them to verify "mydomain.com")?
2) For the communication between consumer and server, why not use
XML-RPC instead of this plain POST-request and the key/value-pairs? I
believed, just thinking about Pingback, this is the way to go for
communication between servers.
3) How long should an assoc_handle and an associated mac_key work, in
other words what's a "suggested" value for expires_in? Minutes, days,
weeks, months, years?
Sorry for all of these questions, I hope someone finds the time to
More information about the yadis