Re: OpenID, YADIS and Directed Identity

> ... in my
> scenario, you wouldn't enter "mart.whatever.com" at the initial  
> login, screen.
> Instead you would only enter "whatever.com". At this point, then,  
> the replying
> part only knows you are somehow attached to "whatever.com".  You  
> are then
> redirected (302) to whatever.com's login page.  Unlike the current  
> scenario,
> the identity server (whatever.com) has at this point no idea who  
> you are, so
> instead of asking just for your password and presenting the "user"  
> field
> already filled out, you would need to specify your user name at  
> whatever.com's
> login screen as well.

Not necessarily. The identity server can have a cookie, shared only  
with itself, that identifies who you are. So the sequence would be

GET relying-party -> HTML form
POST relying party identity=whatever.com -> Redirect to whatever.com
GET whatever.com cookie=myid -> Redirect to whatever.com/myid
GET whatever.com/myid -> Redirect to relying party with signed URL  
(if active session, otherwise ask for password first)


P.S. No hunting party ;-) as long as everybody understands that this  
is about something other than YADIS 1.0.




Johannes Ernst
NetMesh Inc.

 http://netmesh.info/jernst