Bill Crawford wrote: > Google is taking advantage of a feature in OpenID 2.0 known as "Directed > Identity". This allows an OpenID 2.0 Relying Party to start the OpenID > protocol flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to > allow for "one click" style login dialogues. By performing discovery on > this URL, using the XRDS XML format, the OpenID Provider advertises the > OpenID Endpoint URL for the Relying Party to make a request against. > Google is doing this correctly with the URL to perform discovery against > being https://www.google.com/accounts/o8/id. And how are the sites supposed to know this URL? By hardcoding a list of such URLs? (Yuck! That pretty much defeats the point of OpenID and brings us back to a hardcoded list of ID providers.) Or by asking the user to paste it? (Even worse, now the user has to paste an obscure URL *and* enter their e-mail address rather than just pasting an obscure URL, what problem does that solve?) Kevin Kofler -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
