This blog can't be viewed on LiveJournal. Instead see

  • (comment with no subject)

    Hi Martin,

    To clarify the behaviour of the Microsoft OP, we actually do not ignore openid.identity at all.

    We see 2 scenarios here:

    1. If the coming openid.identity is, then we let user choose which OpenID Alias they want to use to sign-in and return back to the RP.

    2. If the incoming openid.identity is something else, we pre-fill and block the OpenID Alias in login screen from being changed. Naturally, we also provide a Cancel option for users to go to RP to change their claimed identity.

    So if the user entering a specific URI / alias at the RP, they can either sign-in to our OP and prove they own that Alias, or they must cancel if they can't / don't.

    We think we are doing the right thing here, but we welcome feedback and discussion from the community.

    Hope that helps to clarify the situation.

    - Jorgen Thelin
    By ext_130600 at 09:40 pm on 28th Oct 2008
    • (comment with no subject)

      Hi Jorgen,

      I think I was mistaken about the Windows Live ID OP. I must confess that I only experimented with it briefly and I may have made an error when I was testing.

      I notice that the directed identity endpoint declares openid2.provider in its HTML, which is not supposed to be declared for a directed identity endpoint. The endpoint is, however, using the Accept header to trigger sending back an XRDS document with the correct information in it, so I think perhaps this was the source of my confusion. Having tried it again now I see that it does work as expected.

      I apologise for posting misleading information. It may be worth considering removing the element from the HTML produced at that endpoint when no Accept header is sent; while no compliant OpenID 2.0 RP should see it, it is a little confusing to humans like me.

      (As a side note, I assume by the fact that you've managed to comment with your identifer that LiveJournal has upgraded their RP to support OpenID 2.0, which is good news. My blog only supporting 1.1 was a bit embarassing. ;))

      By Martin Atkins at 09:55 pm on 28th Oct 2008
    • test

      By ext_130748 at 07:44 pm on 29th Oct 2008