Some questions from a "Newbie"

Lukas Leander Rosenstock webmaster at
Wed Sep 14 02:02:49 PDT 2005

Hello everybody!
I've just found out about the OpenID project yesterday and I really like 
it, just recently thought about something like this, too. It took me 
some time to understand the specs but now I've got the point. In the 
next weeks I will try to implement first a consumer and then a server as 
an ISAPI-DLL in Borland Delphi (of course letting you know).
I have some questions about the specs, I hope they haven't been on the 
list before (just scanned the archives quickly):
1) Why do you need openid.delegate? One could just tell his account on a 
service, lets call it "", to accept "" as 
login URL. Of course this is possible with the current specs but they 
say this is discouraged. Is it for privacy reasons (not letting 
"" know that I use them to verify "")?
2) For the communication between consumer and server, why not use 
XML-RPC instead of this plain POST-request and the key/value-pairs? I 
believed, just thinking about Pingback, this is the way to go for 
communication between servers.
3) How long should an assoc_handle and an associated mac_key work, in 
other words what's a "suggested" value for expires_in? Minutes, days, 
weeks, months, years?
Sorry for all of these questions, I hope someone finds the time to 
answer them!


More information about the yadis mailing list