OpenID, YADIS and Directed Identity

Johannes Ernst at
Sun Feb 12 20:25:42 UTC 2006

> ... in my scenario, you wouldn't enter "" at the initial login screen.
> Instead you would only enter "". At this point, then, the replying
> part only knows you are somehow attached to "". You are then
> redirected (302) to's login page. Unlike the current scenario,
> the identity server ( has at this point no idea who you are, so
> instead of asking just for your password and presenting the "user" field
> already filled out, you would need to specify your user name at
> login screen as well.

Not necessarily. The identity server can have a cookie, shared only  
with itself, that identifies who you are. So the sequence would be

GET relying-party -> HTML form
POST relying party -> Redirect to
GET cookie=myid -> Redirect to
GET -> Redirect to relying party with signed URL (if active session, otherwise ask for password first)

P.S. No hunting party ;-) as long as everybody understands that this  
is about something other than YADIS 1.0.
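
The sequence described in this message, as an added example that is not part of the original post or of any OpenID/YADIS code: the relying party learns only the identity server, the identity server picks the user from its own cookie, and the relying party accepts the identity only from a signed return URL. The host names, the cookie value `myid` mapping, the pre-shared secret and the HMAC-SHA256 signing scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlparse, parse_qsl

# All hosts, names and the secret are constructed for illustration.
RP = "https://rp.example/return"
IDP = "https://idp.example/auth"
SHARED_SECRET = b"constructed-association-secret"  # assumed pre-shared between RP and IdP
SESSIONS = {"myid": "https://idp.example/users/alice"}  # IdP cookie value -> identity URL


def sign(params):
    """HMAC over the sorted query parameters (assumed scheme, not OpenID's wire format)."""
    msg = urlencode(sorted(params.items())).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def rp_start(idp_entered_by_user):
    """Steps 1-2: the user typed only the identity server, so the RP learns no user name."""
    return idp_entered_by_user + "?" + urlencode({"return_to": RP})


def idp_handle(url, cookie):
    """Steps 3-4: the IdP picks the identity from its own cookie and signs the return URL."""
    return_to = dict(parse_qsl(urlparse(url).query))["return_to"]
    identity = SESSIONS.get(cookie)
    if identity is None:
        return None  # no active session: ask for user name and password first
    params = {"identity": identity, "return_to": return_to}
    params["sig"] = sign(params)
    return return_to + "?" + urlencode(params)


def rp_verify(url):
    """Back at the RP: accept the identity only if the signature checks out."""
    params = dict(parse_qsl(urlparse(url).query))
    sig = params.pop("sig", "")
    if params.get("return_to") != RP or not hmac.compare_digest(sig, sign(params)):
        return None
    return params["identity"]


if __name__ == "__main__":
    back = idp_handle(rp_start(IDP), cookie="myid")
    print(rp_verify(back))                         # identity chosen by the IdP
    print(idp_handle(rp_start(IDP), cookie=None))  # no session -> login prompt
```

The sketch carries no nonce or expiry in the signed parameters, so a captured return URL would verify again if replayed.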

